Plagegeister aller Art und deren Bekämpfung: Web.de (Mail delivery failed) | Windows 7
29.11.2012, 11:55 | #1 |
Web.de (Mail delivery failed)

Hello,

I have pretty much the same problem as T-13 (see post). From the looks of it, quite a lot of mails are being sent through the Web.de server via my web.de account.

--- The header of the original message is following. ---

Code:
```
Received: from bpvx ([113.240.220.125]) by smtp.web.de (mrweb102) with
 ESMTPA (Nemesis) id 0Lrb3x-1TEaxt28Bp-013HK6 for <bleuchris88@gmail.com>;
 Thu, 29 Nov 2012 10:49:49 +0100
Message-ID: <C0BCC0CD2F91EA7DABC04867EE8237DE@bpvx>
From: "WOW"
To: <bleuchris88@gmail.com>
Subject: =?utf-8?B?4piFPFlPWU9PPuKYhVdPV2dvbGRfXzEw?=
 =?utf-8?B?VVNEPTEwSyBQcm9taXNlIGZpdmU=?=
 =?utf-8?B?IG1pbnV0ZXMgZGVsaXZlcnkh?=
Date: Thu, 29 Nov 2012 17:49:43 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_0C09_01492F5F.12BC2080"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: only_a_fake@web.de
X-Provags-ID: V02:K0:QSlDQarq9Jr/2p4+Yg8Z0+ZjB5k330EvTs6BT1YmNRf
 473wEjzAa+c9JqfNhqbs2U3TWe7Aka/Ytp7Le/Q4IV0ryDs/qs
 8H9x7X2Tz88og/0U/3xZj2do5yftTTNs/h80EpPBh3bgGI2bEO
 mvNXb4CZLUupsFdphKIGTnn7+5mL42LQoG+8e/S34IWecg2LhG
 GhqaOSblmYAo4V73JZI4Q==
```

I have just changed the password, but I really had been using a run-of-the-mill password that I also use for various forums (including this one). Since I only use the email address for unimportant sign-ups anyway, I had used the same password there.

What I mainly want to know now is whether I currently have a trojan or not. I consider it very likely that the database of one of the countless forums was emptied at some point in the past 5 years. (please no "but your password isn't stored there in plaintext" now)

I then ran one of these OTL scans, in case that is helpful.

Many thanks in advance.

Code:
ATTFilter OTL logfile created on: 29.11.2012 11:41:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\DownLoad 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,92 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 71,66% Memory free 11,72 Gb Paging File | 9,86 Gb Available in Paging File | 84,17% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 0,98 Gb Free Space | 1,65% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 65,19 Gb Free Space | 33,38% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 714,78 Gb Free Space | 38,37% Space Free | Partition Type: NTFS Drive F: | 488,28 Gb Total Space | 54,95 Gb Free Space | 11,25% Space Free | Partition Type: NTFS Drive G: | 247,91 Gb Total Space | 28,58 Gb Free Space | 11,53% Space Free | Partition Type: NTFS Computer Name: NEON-PC | User Name: neon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.29 11:38:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\DownLoad\OTL.exe PRC - [2012.10.27 21:19:15 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.05.18 17:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe PRC - [2012.05.18 17:37:40 | 000,116,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe PRC - [2012.05.09 11:43:20 | 000,188,551 | ---- | M] (3S-Smart Software Solutions GmbH) -- C:\Program Files (x86)\3S Software\CoDeSys SP RTE\ServiceControl_RTE23.exe PRC - [2012.02.16 17:31:22 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.02.16 17:31:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2012.01.19 11:39:48 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.21 15:28:00 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe PRC - [2011.12.02 04:10:12 | 003,649,945 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.2\bin\postgres.exe PRC - [2011.12.02 04:10:12 | 000,090,042 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.19 17:59:06 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe PRC - [2011.09.02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.11.20 03:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2009.08.28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 21:42:03 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll MOD - [2012.11.16 21:42:01 | 012,082,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c4eb7af61b41a2bc836352bc30f88f14\System.Web.ni.dll MOD - [2012.11.16 21:41:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59d00fa60a9e559f8717404a5032e6ba\System.Runtime.Remoting.ni.dll MOD - [2012.11.13 19:51:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll MOD - [2012.11.13 19:51:48 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll MOD - [2012.11.13 19:49:21 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll MOD - [2012.11.13 19:49:19 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll MOD - [2012.11.13 19:49:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll MOD - [2012.11.13 19:49:17 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll MOD - [2012.11.13 
19:49:16 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll MOD - [2012.11.13 19:49:15 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll MOD - [2012.11.13 19:49:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll MOD - [2012.05.18 17:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.28 14:33:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.09 19:30:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.27 11:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.05.18 17:37:40 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager) SRV - [2012.05.09 11:43:20 | 000,188,551 | ---- | M] (3S-Smart Software Solutions GmbH) [Auto | Running] -- C:\Program Files (x86)\3S Software\CoDeSys SP RTE\ServiceControl_RTE23.exe -- (ServiceControl_RTE23_3S_GmbH) SRV - [2012.02.16 17:31:22 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.02.16 17:31:17 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.02.14 16:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.01.19 11:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.21 15:28:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe -- (Palm_TCP_Relay) SRV - [2011.12.02 04:10:12 | 000,090,042 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2) SRV - [2011.12.01 19:05:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.11.28 11:20:48 | 000,074,752 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6.exe -- (Tomcat6) SRV - [2011.10.06 22:11:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.10.06 22:11:38 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files 
(x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.09.19 17:59:06 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD) SRV - [2011.09.02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service) SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009.07.21 02:56:20 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.26 18:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.05.11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.25 13:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2012.01.25 13:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem) DRV:64bit: - [2012.01.25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2012.01.25 13:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:64bit: - [2011.10.24 17:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011.10.06 22:23:36 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.10.06 22:10:30 | 000,015,936 | ---- | M] (FNet Co., Ltd.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.10.06 21:18:04 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp) DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] 
(Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.31 03:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.03.16 09:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 11 21 80 10 9C CD 01 [binary data] IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\SearchScopes\{5245B0E8-C262-438f-BE22-8193FD3EA43C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 8F C9 1F 71 84 CC 01 [binary data] IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\SearchScopes\{5245B0E8-C262-438f-BE22-8193FD3EA43C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: F:\Shootmania Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files 
(x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\ich\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\ich\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ich\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ich\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ich\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.09 10:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.02.09 10:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\Extensions
[2012.10.10 18:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\idg4kh9n.default\extensions
[2012.10.10 18:42:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\idg4kh9n.default\extensions\ich@maltegoetz.de
[2012.09.24 18:00:32 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\firefox\profiles\idg4kh9n.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.17 19:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.31 10:45:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.28 20:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ich\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ich\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ich\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ich\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: GWT DMP Plugin (Enabled) = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.9738_0\WINNT_x86-msvc/npGwtDevPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Angry Birds = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Turn Off the Lights = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.17_0\
CHR - Extension: YouTube = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: Angry Birds Space = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmcjfbmlohmjkpbchljecehcpnpkmpog\1.6_0\
CHR - Extension: Google News = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Proxy SwitchySharp = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.49_0\
CHR - Extension: Gmail offline = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Kalender = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Gtalk = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhdmanlbebkeibbfagebjpolgejfnpl\4.3_0\
CHR - Extension: Stoppuhr / Timer = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: AdBlock = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Spotify Chrome Extension = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb\1.0.3_0\
CHR - Extension: WebRC = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmihojfcjdmpmpfbjajkfpbhgieibpi\1_0\
CHR - Extension: Dropbox = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: Disconnect = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\
CHR - Extension: OpenOffice Document Reader = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\
CHR - Extension: GWT Developer Plugin = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.11338_0\
CHR - Extension: Rechner = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao\1.0.9_0\
CHR - Extension: YouTube Downloader = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecinmfhadegpcdocbpfdgffjopphmoa\11.0_0\
CHR - Extension: Google Mail-Checker = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Quick Note = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Google Docs Viewer f\u00FCr PDF/PowerPoint (von Google) = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [ASRockXTU] File not found
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [Facebook Update] C:\Users\ich\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [Spotify] C:\Users\ich\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [Spotify Web Helper] C:\Users\ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [ApacheTomcatMonitor6.0_Tomcat6] C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6w.exe (Apache Software Foundation)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [ASRockXTU] File not found
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [chromium] C:\Users\postgres\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window File not found
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [Spotify] C:\Users\ich\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [Spotify Web Helper] C:\Users\ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ich\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E65E2C-651D-4923-AD76-C2760884E295}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.27 22:19:48 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a442f9a-1833-11e1-9693-002522cc4d75}\Shell - "" = AutoRun
O33 - MountPoints2\{9a442f9a-1833-11e1-9693-002522cc4d75}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\index.html
O33 - MountPoints2\{f1d0312e-16ef-11e2-809e-002522cc4d75}\Shell - "" = AutoRun
O33 - MountPoints2\{f1d0312e-16ef-11e2-809e-002522cc4d75}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^neon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^neon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AllShareAgent - hkey= - key= - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: ApacheTomcatMonitor6.0_Tomcat6 - hkey= - key= - C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6w.exe (Apache Software Foundation)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe ()
MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe ()
MsConfig:64bit - StartUpReg: CTSyncService - hkey= - key= - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ENISysTray - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\ich\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GoogleChromeAutoLaunch_EC6DDD84F8E4F65260DA1CFCEBCA641F - hkey= - key= - C:\Users\ich\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: RTSysTray - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - F:\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: XFastUsb - hkey= - key= - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet
Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll 
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3E0DCA76-6D0F-D7BB-9AA3-E46E917B44C2} - Microsoft Windows Media Player ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {965992E2-D155-CE78-BE6C-7FAD6AD3C050} - Browser Customizations ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup 
SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\ich\Documents\Calibre Bibliothek [2012.11.23 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\calibre [2012.11.23 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2 [2012.11.23 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012.11.18 23:12:17 | 000,000,000 | --SD | C] -- C:\Users\ich\Documents\Meine Datenquellen [2012.11.16 18:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hulumuluch [2012.11.13 15:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.2 [2012.11.02 22:18:43 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Local\Painkiller Redemption [2012.10.31 12:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games [2012.10.31 12:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCapY [2012.10.31 12:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games 
[2012.10.31 11:03:17 | 000,000,000 | ---D | C] -- C:\Users\ich\node34_2bc [2012.10.30 18:39:11 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Day 1 Studios [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.29 11:30:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.29 11:14:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000UA.job [2012.11.29 11:09:16 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.29 11:09:16 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.29 11:06:24 | 001,622,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.29 11:06:24 | 000,700,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.29 11:06:24 | 000,655,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.29 11:06:24 | 000,149,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.29 11:06:24 | 000,121,946 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.29 11:02:09 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.29 11:02:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.29 11:01:56 | 469,766,143 | -HS- | M] () -- C:\hiberfil.sys [2012.11.28 23:52:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.28 22:00:20 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000UA.job [2012.11.28 17:14:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000Core.job [2012.11.28 13:00:00 | 
000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000Core.job [2012.11.27 22:34:43 | 000,046,785 | ---- | M] () -- C:\Users\ich\Desktop\Logbuch_TT.pdf [2012.11.25 15:50:19 | 000,000,201 | ---- | M] () -- C:\Users\ich\Desktop\Dead Space.url [2012.11.25 15:49:12 | 000,000,201 | ---- | M] () -- C:\Users\ich\Desktop\Metro 2033.url [2012.11.25 13:55:26 | 000,074,946 | ---- | M] () -- C:\Users\ich\Documents\150234_447719185291747_1822559502_n.jpg [2012.11.24 13:27:30 | 000,000,199 | ---- | M] () -- C:\Users\ich\Desktop\Dota 2.url [2012.11.24 13:27:30 | 000,000,173 | ---- | M] () -- C:\Users\ich\Desktop\Dota 2 Test.url [2012.11.24 13:10:02 | 000,062,542 | ---- | M] () -- C:\Users\ich\Desktop\tuscan.png [2012.11.23 13:35:10 | 000,001,796 | ---- | M] () -- C:\Users\ich\Desktop\Hitman.lnk [2012.11.23 11:27:47 | 001,169,978 | ---- | M] () -- C:\Users\ich\Desktop\Ein plotzlicher Todesfall - Joanne K. Rowling.epub [2012.11.21 18:05:54 | 000,026,319 | ---- | M] () -- C:\Users\ich\Desktop\Moduluebersicht.class.violet [2012.11.16 18:07:02 | 000,000,699 | ---- | M] () -- C:\Users\ich\Desktop\Call of Duty Black Ops II.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | M] () -- C:\Users\ich\Desktop\Call of Duty Black Ops II - Zombies.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | M] () -- C:\Users\ich\Desktop\Call of Duty Black Ops II - Multiplayer.lnk [2012.11.13 20:40:19 | 000,374,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 18:27:48 | 000,032,837 | ---- | M] () -- C:\Users\ich\Desktop\pacmanBildmontage.png [2012.11.01 17:36:56 | 000,000,200 | ---- | M] () -- C:\Users\ich\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.url [2012.10.31 18:56:26 | 000,000,201 | ---- | M] () -- C:\Users\ich\Desktop\Painkiller Redemption.url [2012.10.31 12:52:03 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. 
Zombies.lnk [2012.10.31 11:20:25 | 000,015,213 | ---- | M] () -- C:\Users\ich\Desktop\2012-08-29 16.38.37.jpg [2012.10.30 21:06:12 | 000,001,109 | ---- | M] () -- C:\Users\ich\Desktop\bildBeispiel.xml [2012.10.30 18:23:56 | 000,000,199 | ---- | M] () -- C:\Users\ich\Desktop\Left 4 Dead 2.url [2012.10.30 17:36:05 | 000,000,201 | ---- | M] () -- C:\Users\ich\Desktop\F.E.A.R. 3.url [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.27 22:30:28 | 000,046,785 | ---- | C] () -- C:\Users\ich\Desktop\Logbuch_TT.pdf [2012.11.25 15:50:19 | 000,000,201 | ---- | C] () -- C:\Users\ich\Desktop\Dead Space.url [2012.11.25 15:49:12 | 000,000,201 | ---- | C] () -- C:\Users\ich\Desktop\Metro 2033.url [2012.11.25 13:55:23 | 000,074,946 | ---- | C] () -- C:\Users\ich\Documents\150234_447719185291747_1822559502_n.jpg [2012.11.24 13:27:30 | 000,000,199 | ---- | C] () -- C:\Users\ich\Desktop\Dota 2.url [2012.11.24 13:27:30 | 000,000,173 | ---- | C] () -- C:\Users\ich\Desktop\Dota 2 Test.url [2012.11.24 13:10:02 | 000,062,542 | ---- | C] () -- C:\Users\ich\Desktop\tuscan.png [2012.11.23 17:18:57 | 001,169,978 | ---- | C] () -- C:\Users\ich\Desktop\Ein plotzlicher Todesfall - Joanne K. 
Rowling.epub [2012.11.23 13:35:10 | 000,001,796 | ---- | C] () -- C:\Users\ich\Desktop\Hitman.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | C] () -- C:\Users\ich\Desktop\Call of Duty Black Ops II.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | C] () -- C:\Users\ich\Desktop\Call of Duty Black Ops II - Zombies.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | C] () -- C:\Users\ich\Desktop\Call of Duty Black Ops II - Multiplayer.lnk [2012.11.13 19:50:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.13 19:46:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.13 18:23:18 | 000,032,837 | ---- | C] () -- C:\Users\ich\Desktop\pacmanBildmontage.png [2012.11.01 17:36:56 | 000,000,200 | ---- | C] () -- C:\Users\ich\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.url [2012.10.31 18:56:26 | 000,000,201 | ---- | C] () -- C:\Users\ich\Desktop\Painkiller Redemption.url [2012.10.31 12:44:56 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk [2012.10.30 20:56:07 | 000,001,109 | ---- | C] () -- C:\Users\ich\Desktop\bildBeispiel.xml [2012.10.30 18:23:56 | 000,000,199 | ---- | C] () -- C:\Users\ich\Desktop\Left 4 Dead 2.url [2012.10.30 17:36:05 | 000,000,201 | ---- | C] () -- C:\Users\ich\Desktop\F.E.A.R. 
3.url [2012.10.24 05:27:50 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.10.23 10:50:14 | 000,000,173 | ---- | C] () -- C:\Users\ich\AppData\Local\msmathematics.qat.neon [2012.05.01 17:55:59 | 000,000,771 | ---- | C] () -- C:\Users\ich\eclipse.lnk [2012.04.24 14:07:59 | 000,000,233 | ---- | C] () -- C:\Windows\FTRUN32.INI [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.06 00:11:15 | 000,007,617 | ---- | C] () -- C:\Users\ich\AppData\Local\Resmon.ResmonCfg [2012.03.01 17:16:50 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.01 17:16:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.03.01 17:16:50 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.03.01 17:16:49 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.03.01 16:42:16 | 000,000,906 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.03.01 16:42:08 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.03.01 16:42:08 | 000,000,560 | ---- | C] () -- C:\Windows\cmudaxp.ini [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.30 21:28:41 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.01.30 21:26:09 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.01.22 20:11:09 | 050,225,240 | ---- | C] () -- C:\Users\ich\AppData\Roaming\.minecraft.rar [2011.11.08 19:42:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.28 16:56:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.10.28 13:16:10 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.28 13:16:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.06 22:12:24 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2011.10.06 22:12:24 | 000,001,650 | 
---- | C] () -- C:\Windows\FF08_Capture.ini [2011.10.06 22:12:24 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2011.10.06 22:12:15 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.10.06 22:12:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.10.06 22:06:59 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.10.06 22:06:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.06 22:06:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.10.06 22:06:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.06 22:06:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.10.06 21:38:00 | 011,157,504 | ---- | C] () -- C:\Users\ich\AppData\Roaming\Sandra.mdb [2011.10.06 21:11:40 | 001,642,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.08 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\.minecraft [2012.03.10 01:25:56 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Amazon [2012.03.01 17:16:57 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\ASUS [2012.11.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\calibre [2012.10.21 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.10.08 10:40:26 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\DAEMON Tools Lite [2012.10.30 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Day 1 Studios [2011.10.06 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\DeviceVm [2012.11.29 11:02:20 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Dropbox [2012.10.23 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\e-academy Inc [2012.01.30 22:20:20 | 000,000,000 | ---D | M] -- 
C:\Users\ich\AppData\Roaming\Jason Robitaille [2012.02.22 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Leadertech [2012.07.04 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Motorola [2012.07.04 11:16:34 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Motorola Mobility [2012.09.18 17:30:33 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\MyPhoneExplorer [2012.05.25 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Notepad++ [2011.10.28 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\OpenOffice.org [2012.10.21 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Origin [2012.02.29 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\pdfforge [2012.05.25 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\postgresql [2011.11.27 15:14:13 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\PunkBuster [2012.04.26 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\runic games [2011.10.08 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Samsung [2012.10.21 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\SoftGrid Client [2012.11.29 11:07:11 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Spotify [2012.05.01 17:54:56 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Subversion [2012.10.23 14:33:45 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\TeamViewer [2011.11.24 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\TP [2012.02.23 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Tunngle [2011.11.18 20:58:30 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Ubisoft ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.08.04 10:45:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.17 22:02:40 | 000,000,000 | ---D | M] -- C:\AllShare [2012.02.21 19:47:37 | 000,000,000 | ---D | M] -- C:\AMD [2012.04.28 20:21:50 | 000,000,000 | ---D | M] -- C:\apache-maven-2.2.1 [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.10.06 04:13:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.08 19:16:36 | 000,000,000 | ---D | M] -- C:\Download [2012.04.02 17:55:39 | 000,000,000 | ---D | M] -- C:\Fraps [2012.09.19 14:55:32 | 000,000,000 | ---D | M] -- C:\Google Nexus 7 ToolKit [2011.10.06 22:06:35 | 000,000,000 | ---D | M] -- C:\Intel [2012.06.27 17:15:10 | 000,000,000 | ---D | M] -- C:\lm.dat [2012.09.11 17:11:55 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.23 10:47:20 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.23 17:15:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.10.31 12:44:54 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.10.06 04:13:11 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.06 04:13:12 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.29 11:43:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.29 11:02:06 | 000,000,000 | ---D | M] -- C:\Temp [2012.05.25 11:22:46 | 000,000,000 | R--D | M] -- C:\Users [2012.11.18 22:20:59 | 000,000,000 | ---D | M] -- C:\Windows [2012.07.20 16:31:35 | 000,000,000 | ---D | M] -- C:\Wugs_NexusRootToolkit.v1.5.2 < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.02.08 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\.minecraft [2011.10.21 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Adobe [2012.03.10 01:25:56 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Amazon [2011.10.06 20:55:13 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Apple Computer [2012.03.01 17:16:57 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\ASUS [2011.11.08 19:42:24 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\ATI [2012.11.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\calibre [2012.10.21 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.10.08 10:40:26 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\DAEMON Tools Lite [2012.10.30 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Day 1 Studios [2011.10.06 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\DeviceVm [2012.11.29 11:02:20 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Dropbox [2012.03.06 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\dvdcss [2012.10.23 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\e-academy Inc [2011.10.06 04:13:19 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Identities [2011.10.06 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\InstallShield [2012.01.30 22:20:20 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Jason Robitaille [2012.02.22 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Leadertech [2012.02.22 15:18:22 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Logishrd [2012.02.22 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Logitech [2011.10.06 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Macromedia [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Media Center 
Programs [2012.11.18 23:12:17 | 000,000,000 | --SD | M] -- C:\Users\ich\AppData\Roaming\Microsoft [2012.07.04 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Motorola [2012.07.04 11:16:34 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Motorola Mobility [2012.11.02 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Mozilla [2012.09.18 17:30:33 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\MyPhoneExplorer [2012.05.25 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Notepad++ [2011.10.09 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\NVIDIA [2011.10.28 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\OpenOffice.org [2012.10.21 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Origin [2012.02.29 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\pdfforge [2012.05.25 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\postgresql [2011.11.27 15:14:13 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\PunkBuster [2012.04.26 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\runic games [2011.10.08 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Samsung [2012.10.21 16:21:02 | 000,000,000 | RH-D | M] -- C:\Users\ich\AppData\Roaming\SecuROM [2012.10.10 22:28:21 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Skype [2012.10.21 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\SoftGrid Client [2012.11.29 11:07:11 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Spotify [2012.05.01 17:54:56 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Subversion [2012.10.23 14:33:45 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\TeamViewer [2012.05.29 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\TortoiseSVN [2011.11.24 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\TP [2012.02.23 00:35:24 | 
000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Tunngle [2011.11.18 20:58:30 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Ubisoft [2012.03.09 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\vlc [2011.10.06 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\WinRAR [2012.11.29 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Xfire < %APPDATA%\*.exe /s > [2012.01.20 22:53:31 | 001,259,046 | ---- | M] () -- C:\Users\ich\AppData\Roaming\.minecraft\texturepacks\mcpatcher-2.3.1.exe [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\ich\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.04.04 06:45:36 | 000,872,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\ich\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.02.22 15:12:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\ich\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.10.23 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\ich\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe [2012.10.27 17:49:32 | 000,009,662 | R--- | M] () -- C:\Users\ich\AppData\Roaming\Microsoft\Installer\{AA57D6F1-6360-4397-B2D9-B21C69863D97}\_112D608FD02CD87FDC7735.exe [2012.10.27 17:49:32 | 000,009,662 | R--- | M] () -- C:\Users\ich\AppData\Roaming\Microsoft\Installer\{AA57D6F1-6360-4397-B2D9-B21C69863D97}\_5E3F868D52D5DFAB8E1F0B.exe [2012.10.27 17:49:32 | 000,009,662 | R--- | M] () -- C:\Users\ich\AppData\Roaming\Microsoft\Installer\{AA57D6F1-6360-4397-B2D9-B21C69863D97}\_853F67D554F05449430E7E.exe [2011.11.23 17:38:29 | 003,123,272 | R--- | M] () -- C:\Users\ich\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe [2012.02.22 21:23:36 | 037,411,800 | ---- | M] (Samsung Electronics Co., Ltd. 
) -- C:\Users\ich\AppData\Roaming\Samsung\AllShare\AllShare_2.1.0.12013_8.exe [2012.08.13 17:35:21 | 037,277,456 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\ich\AppData\Roaming\Samsung\AllShare\AllShare_2.1.0.12031_10.exe [2012.10.27 21:19:21 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\ich\AppData\Roaming\Spotify\spotify.exe [2012.10.27 21:19:15 | 000,117,208 | ---- | M] (Spotify Ltd) -- C:\Users\ich\AppData\Roaming\Spotify\SpotifyLauncher.exe [2012.10.27 21:19:15 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 356 bytes -> C:\Users\ich\Desktop\2012-08-29 16.38.37.jpg:com.dropbox.attributes < End of report > |
29.11.2012, 12:55 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) Hello and
__________________ Quote:
__________________ |
29.11.2012, 13:37 | #3 |
| Web.de (Mail delivery failed) Hello,
the Win7 version is indeed a student version, since my university holds a DreamSpark license (unfortunately without the Office suite, though). It is, however, my private computer. |
29.11.2012, 14:46 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) OK. In the recent cases with the same problem, it was resolved each time after the password change. Are you still getting these mails, or has it now stopped for you too after you changed your password?
__________________ Please always post log files in CODE tags |
29.11.2012, 18:03 | #5 |
| Web.de (Mail delivery failed) So far I haven't received any. However, I have now checked and found that this has been going on for about 3 weeks already, and that often no mails were sent for 3 days at a time. But if it stops now that the password has been changed, is that a sign that they did not get the password by means of a trojan? And that I otherwise don't need to worry about my system security? |
29.11.2012, 20:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) It cannot be said with certainty how they got hold of your password. It may just have been too easy to guess.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ |
29.11.2012, 23:08 | #7 |
| Web.de (Mail delivery failed) So, not much came out of aswMBR, since it always crashed during the AV quick scan. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 23:10:40
-----------------------------
23:10:40.661 OS Version: Windows x64 6.1.7601 Service Pack 1
23:10:40.661 Number of processors: 4 586 0x2A07
23:10:40.662 ComputerName: NEON-PC UserName: neon
23:10:40.814 Initialize success
23:10:45.230 AVAST engine defs: 12112900
23:10:47.614 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:10:47.616 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
23:10:47.619 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
23:10:47.621 Disk 1 Vendor: M4-CT064M4SSD2 0002 Size: 61057MB BusType: 3
23:10:47.624 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-2
23:10:47.627 Disk 2 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
23:10:47.631 Disk 1 MBR read successfully
23:10:47.635 Disk 1 MBR scan
23:10:47.639 Disk 1 Windows 7 default MBR code
23:10:47.642 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 61055 MB offset 2048
23:10:47.667 Disk 1 scanning C:\Windows\system32\drivers
23:10:52.768 Service scanning
23:11:07.316 Modules scanning
23:11:07.331 Disk 1 trace - called modules:
23:11:07.337 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:11:07.342 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006935060]
23:11:07.346 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800672e580]
23:11:07.349 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800672b060]
23:11:07.352 Scan finished successfully
23:11:17.530 Disk 1 MBR has been saved successfully to "C:\Users\neon\Desktop\MBR.dat"
23:11:17.533 The log file has been saved successfully to "C:\Users\neon\Desktop\aswMBR.txt"
Code:
23:02:26.0708 6340 Modem - ok 23:02:26.0711 6340 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:02:26.0721 6340 monitor - ok 23:02:26.0722 6340 [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb C:\Windows\system32\Drivers\motoandroid.sys 23:02:26.0731 6340 motandroidusb - ok 23:02:26.0733 6340 [ 85198FB1E5CC4A9DB03443A385EA0AD2 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys 23:02:26.0741 6340 motccgp - ok 23:02:26.0743 6340 [ 577399C75CF85AC68E7830EB150F45EF ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys 23:02:26.0749 6340 motccgpfl - ok 23:02:26.0752 6340 MotDev - ok 23:02:26.0754 6340 [ 0EF6B989AF403C1C1B6EBCBD2A280612 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys 23:02:26.0763 6340 motmodem - ok 23:02:26.0767 6340 [ 5DDCE3FC5A54A4A58EE693046EBFAEF3 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe 23:02:26.0773 6340 Motorola Device Manager - ok 23:02:26.0776 6340 [ EBD05F60CAFC5BBA2602B8D7101082D3 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys 23:02:26.0782 6340 MotoSwitchService - ok 23:02:26.0784 6340 [ 7E1BD35249F4D5A745144B3C77F9FB85 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys 23:02:26.0792 6340 Motousbnet - ok 23:02:26.0794 6340 [ D075B1D964A314D240F5498773EE89DF ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys 23:02:26.0802 6340 motusbdevice - ok 23:02:26.0804 6340 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:02:26.0811 6340 mouclass - ok 23:02:26.0813 6340 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:02:26.0821 6340 mouhid - ok 23:02:26.0823 6340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:02:26.0831 6340 mountmgr - ok 23:02:26.0836 6340 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 23:02:26.0846 6340 MpFilter - ok 23:02:26.0849 
6340 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:02:26.0858 6340 mpio - ok 23:02:26.0861 6340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:02:26.0883 6340 mpsdrv - ok 23:02:26.0894 6340 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:02:26.0927 6340 MpsSvc - ok 23:02:26.0931 6340 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:02:26.0943 6340 MRxDAV - ok 23:02:26.0947 6340 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:02:26.0957 6340 mrxsmb - ok 23:02:26.0962 6340 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:02:26.0973 6340 mrxsmb10 - ok 23:02:26.0977 6340 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:02:26.0984 6340 mrxsmb20 - ok 23:02:26.0987 6340 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:02:26.0993 6340 msahci - ok 23:02:26.0997 6340 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:02:27.0006 6340 msdsm - ok 23:02:27.0009 6340 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:02:27.0019 6340 MSDTC - ok 23:02:27.0023 6340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:02:27.0044 6340 Msfs - ok 23:02:27.0047 6340 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:02:27.0068 6340 mshidkmdf - ok 23:02:27.0071 6340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:02:27.0076 6340 msisadrv - ok 23:02:27.0081 6340 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:02:27.0104 6340 MSiSCSI - ok 23:02:27.0105 6340 msiserver - ok 23:02:27.0108 6340 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:02:27.0130 6340 
MSKSSRV - ok 23:02:27.0133 6340 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 23:02:27.0139 6340 MsMpSvc - ok 23:02:27.0142 6340 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:02:27.0163 6340 MSPCLOCK - ok 23:02:27.0165 6340 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:02:27.0188 6340 MSPQM - ok 23:02:27.0194 6340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:02:27.0207 6340 MsRPC - ok 23:02:27.0209 6340 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:02:27.0215 6340 mssmbios - ok 23:02:27.0218 6340 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:02:27.0239 6340 MSTEE - ok 23:02:27.0242 6340 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:02:27.0249 6340 MTConfig - ok 23:02:27.0252 6340 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:02:27.0258 6340 Mup - ok 23:02:27.0265 6340 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:02:27.0293 6340 napagent - ok 23:02:27.0298 6340 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:02:27.0313 6340 NativeWifiP - ok 23:02:27.0324 6340 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:02:27.0344 6340 NDIS - ok 23:02:27.0347 6340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:02:27.0369 6340 NdisCap - ok 23:02:27.0372 6340 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:02:27.0394 6340 NdisTapi - ok 23:02:27.0397 6340 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:02:27.0418 6340 Ndisuio - ok 23:02:27.0422 6340 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan 
C:\Windows\system32\DRIVERS\ndiswan.sys 23:02:27.0447 6340 NdisWan - ok 23:02:27.0449 6340 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:02:27.0472 6340 NDProxy - ok 23:02:27.0474 6340 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:02:27.0495 6340 NetBIOS - ok 23:02:27.0500 6340 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:02:27.0525 6340 NetBT - ok 23:02:27.0528 6340 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 23:02:27.0534 6340 Netlogon - ok 23:02:27.0540 6340 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:02:27.0568 6340 Netman - ok 23:02:27.0572 6340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:02:27.0580 6340 NetMsmqActivator - ok 23:02:27.0584 6340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:02:27.0590 6340 NetPipeActivator - ok 23:02:27.0598 6340 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:02:27.0627 6340 netprofm - ok 23:02:27.0630 6340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:02:27.0635 6340 NetTcpActivator - ok 23:02:27.0638 6340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:02:27.0644 6340 NetTcpPortSharing - ok 23:02:27.0647 6340 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:02:27.0654 6340 nfrd960 - ok 23:02:27.0657 6340 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 23:02:27.0665 6340 NisDrv - ok 23:02:27.0670 6340 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 23:02:27.0682 6340 NisSrv - ok 23:02:27.0685 
6340 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:02:27.0697 6340 NlaSvc - ok 23:02:27.0700 6340 [ F467AD6F8951E7260D4A7F915CCE16A3 ] NovacomD C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe 23:02:27.0704 6340 NovacomD ( UnsignedFile.Multi.Generic ) - warning 23:02:27.0704 6340 NovacomD - detected UnsignedFile.Multi.Generic (1) 23:02:27.0707 6340 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 23:02:27.0712 6340 NPF - ok 23:02:27.0714 6340 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:02:27.0735 6340 Npfs - ok 23:02:27.0738 6340 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:02:27.0760 6340 nsi - ok 23:02:27.0763 6340 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:02:27.0785 6340 nsiproxy - ok 23:02:27.0803 6340 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:02:27.0833 6340 Ntfs - ok 23:02:27.0835 6340 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:02:27.0857 6340 Null - ok 23:02:27.0859 6340 nvlddmkm - ok 23:02:27.0863 6340 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:02:27.0870 6340 nvraid - ok 23:02:27.0875 6340 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:02:27.0884 6340 nvstor - ok 23:02:27.0887 6340 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:02:27.0894 6340 nv_agp - ok 23:02:27.0898 6340 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:02:27.0905 6340 ohci1394 - ok 23:02:27.0909 6340 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:02:27.0917 6340 ose - ok 23:02:27.0970 6340 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft 
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:02:28.0060 6340 osppsvc - ok 23:02:28.0069 6340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:02:28.0082 6340 p2pimsvc - ok 23:02:28.0089 6340 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:02:28.0104 6340 p2psvc - ok 23:02:28.0107 6340 [ E74F5A59FBE1605567D779D8D878D048 ] Palm_TCP_Relay C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe 23:02:28.0109 6340 Palm_TCP_Relay ( UnsignedFile.Multi.Generic ) - warning 23:02:28.0109 6340 Palm_TCP_Relay - detected UnsignedFile.Multi.Generic (1) 23:02:28.0112 6340 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:02:28.0120 6340 Parport - ok 23:02:28.0124 6340 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:02:28.0130 6340 partmgr - ok 23:02:28.0135 6340 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:02:28.0148 6340 PcaSvc - ok 23:02:28.0152 6340 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:02:28.0159 6340 pci - ok 23:02:28.0162 6340 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:02:28.0168 6340 pciide - ok 23:02:28.0173 6340 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:02:28.0182 6340 pcmcia - ok 23:02:28.0185 6340 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:02:28.0192 6340 pcw - ok 23:02:28.0199 6340 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:02:28.0229 6340 PEAUTH - ok 23:02:28.0248 6340 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 23:02:28.0278 6340 PeerDistSvc - ok 23:02:28.0298 6340 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:02:28.0305 6340 PerfHost - ok 23:02:28.0314 6340 [ F8EA2B75AFD674C748D2FB910AFF89D3 ] pgsql-8.2 
C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe 23:02:28.0318 6340 pgsql-8.2 ( UnsignedFile.Multi.Generic ) - warning 23:02:28.0318 6340 pgsql-8.2 - detected UnsignedFile.Multi.Generic (1) 23:02:28.0335 6340 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:02:28.0382 6340 pla - ok 23:02:28.0388 6340 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:02:28.0402 6340 PlugPlay - ok 23:02:28.0404 6340 PnkBstrA - ok 23:02:28.0407 6340 PnkBstrB - ok 23:02:28.0409 6340 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:02:28.0417 6340 PNRPAutoReg - ok 23:02:28.0423 6340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:02:28.0432 6340 PNRPsvc - ok 23:02:28.0439 6340 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:02:28.0468 6340 PolicyAgent - ok 23:02:28.0473 6340 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:02:28.0498 6340 Power - ok 23:02:28.0502 6340 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:02:28.0524 6340 PptpMiniport - ok 23:02:28.0527 6340 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:02:28.0535 6340 Processor - ok 23:02:28.0540 6340 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:02:28.0550 6340 ProfSvc - ok 23:02:28.0553 6340 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:02:28.0559 6340 ProtectedStorage - ok 23:02:28.0563 6340 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:02:28.0585 6340 Psched - ok 23:02:28.0589 6340 [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe 23:02:28.0592 6340 PST Service ( UnsignedFile.Multi.Generic ) - warning 23:02:28.0592 6340 PST Service - detected UnsignedFile.Multi.Generic 
(1) 23:02:28.0610 6340 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:02:28.0642 6340 ql2300 - ok 23:02:28.0645 6340 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:02:28.0653 6340 ql40xx - ok 23:02:28.0658 6340 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:02:28.0672 6340 QWAVE - ok 23:02:28.0675 6340 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:02:28.0685 6340 QWAVEdrv - ok 23:02:28.0688 6340 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:02:28.0709 6340 RasAcd - ok 23:02:28.0713 6340 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:02:28.0734 6340 RasAgileVpn - ok 23:02:28.0738 6340 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:02:28.0762 6340 RasAuto - ok 23:02:28.0764 6340 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:02:28.0788 6340 Rasl2tp - ok 23:02:28.0793 6340 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:02:28.0819 6340 RasMan - ok 23:02:28.0823 6340 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:02:28.0845 6340 RasPppoe - ok 23:02:28.0848 6340 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:02:28.0884 6340 RasSstp - ok 23:02:28.0889 6340 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:02:28.0914 6340 rdbss - ok 23:02:28.0917 6340 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:02:28.0927 6340 rdpbus - ok 23:02:28.0928 6340 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:02:28.0950 6340 RDPCDD - ok 23:02:28.0955 6340 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:02:28.0965 6340 RDPDR - ok 
23:02:28.0969 6340 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:02:28.0990 6340 RDPENCDD - ok 23:02:28.0993 6340 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:02:29.0014 6340 RDPREFMP - ok 23:02:29.0018 6340 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:02:29.0028 6340 RDPWD - ok 23:02:29.0033 6340 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:02:29.0042 6340 rdyboost - ok 23:02:29.0045 6340 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:02:29.0069 6340 RemoteAccess - ok 23:02:29.0073 6340 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:02:29.0097 6340 RemoteRegistry - ok 23:02:29.0102 6340 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 23:02:29.0113 6340 RFCOMM - ok 23:02:29.0117 6340 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 23:02:29.0124 6340 rpcapd - ok 23:02:29.0127 6340 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:02:29.0149 6340 RpcEptMapper - ok 23:02:29.0152 6340 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:02:29.0159 6340 RpcLocator - ok 23:02:29.0167 6340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:02:29.0192 6340 RpcSs - ok 23:02:29.0194 6340 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:02:29.0217 6340 rspndr - ok 23:02:29.0224 6340 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:02:29.0233 6340 RTL8167 - ok 23:02:29.0235 6340 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 23:02:29.0243 6340 s3cap - ok 23:02:29.0245 6340 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:02:29.0252 
6340 SamSs - ok 23:02:29.0257 6340 [ 9D19E17449C8E8759D6872F662104321 ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe 23:02:29.0263 6340 SamsungAllShareV2.0 - ok 23:02:29.0267 6340 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\WNt500x64\Sandra.sys 23:02:29.0278 6340 SANDRA - ok 23:02:29.0280 6340 [ 2A7EA1B0BFAAD9E2EC03F1D9DD9A4319 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\RpcAgentSrv.exe 23:02:29.0299 6340 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning 23:02:29.0299 6340 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1) 23:02:29.0302 6340 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:02:29.0310 6340 sbp2port - ok 23:02:29.0314 6340 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:02:29.0339 6340 SCardSvr - ok 23:02:29.0342 6340 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:02:29.0364 6340 scfilter - ok 23:02:29.0379 6340 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:02:29.0418 6340 Schedule - ok 23:02:29.0420 6340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:02:29.0442 6340 SCPolicySvc - ok 23:02:29.0445 6340 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:02:29.0457 6340 SDRSVC - ok 23:02:29.0459 6340 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:02:29.0482 6340 secdrv - ok 23:02:29.0484 6340 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:02:29.0507 6340 seclogon - ok 23:02:29.0509 6340 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:02:29.0533 6340 SENS - ok 23:02:29.0535 6340 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:02:29.0545 6340 SensrSvc - ok 
23:02:29.0547 6340 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:02:29.0555 6340 Serenum - ok 23:02:29.0559 6340 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:02:29.0568 6340 Serial - ok 23:02:29.0570 6340 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:02:29.0578 6340 sermouse - ok 23:02:29.0583 6340 [ 7046B16E9B188D09C41F5B59BDF7493D ] ServiceControl_RTE23_3S_GmbH C:\Program Files (x86)\3S Software\CoDeSys SP RTE\ServiceControl_RTE23.exe 23:02:29.0587 6340 ServiceControl_RTE23_3S_GmbH ( UnsignedFile.Multi.Generic ) - warning 23:02:29.0587 6340 ServiceControl_RTE23_3S_GmbH - detected UnsignedFile.Multi.Generic (1) 23:02:29.0594 6340 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:02:29.0617 6340 SessionEnv - ok 23:02:29.0619 6340 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:02:29.0628 6340 sffdisk - ok 23:02:29.0630 6340 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:02:29.0639 6340 sffp_mmc - ok 23:02:29.0642 6340 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:02:29.0650 6340 sffp_sd - ok 23:02:29.0653 6340 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:02:29.0659 6340 sfloppy - ok 23:02:29.0670 6340 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 23:02:29.0683 6340 Sftfs - ok 23:02:29.0690 6340 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 23:02:29.0704 6340 sftlist - ok 23:02:29.0709 6340 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 23:02:29.0717 6340 Sftplay - ok 23:02:29.0719 6340 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 23:02:29.0724 6340 
Sftredir - ok 23:02:29.0727 6340 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 23:02:29.0732 6340 Sftvol - ok 23:02:29.0735 6340 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 23:02:29.0743 6340 sftvsa - ok 23:02:29.0750 6340 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:02:29.0779 6340 SharedAccess - ok 23:02:29.0785 6340 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:02:29.0813 6340 ShellHWDetection - ok 23:02:29.0815 6340 [ 1435BF57B18B3FD2C28060EF4374E704 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe 23:02:29.0820 6340 SimpleSlideShowServer - ok 23:02:29.0823 6340 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:02:29.0830 6340 SiSRaid2 - ok 23:02:29.0833 6340 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:02:29.0840 6340 SiSRaid4 - ok 23:02:29.0874 6340 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 23:02:29.0927 6340 Skype C2C Service - ok 23:02:29.0930 6340 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 23:02:29.0938 6340 SkypeUpdate - ok 23:02:29.0942 6340 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:02:29.0965 6340 Smb - ok 23:02:29.0969 6340 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:02:29.0979 6340 SNMPTRAP - ok 23:02:29.0982 6340 [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe 23:02:30.0037 6340 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning 23:02:30.0037 6340 Sound Blaster X-Fi MB Licensing 
Service - detected UnsignedFile.Multi.Generic (1) 23:02:30.0039 6340 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:02:30.0045 6340 spldr - ok 23:02:30.0053 6340 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:02:30.0068 6340 Spooler - ok 23:02:30.0113 6340 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:02:30.0191 6340 sppsvc - ok 23:02:30.0195 6340 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:02:30.0219 6340 sppuinotify - ok 23:02:30.0225 6340 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:02:30.0239 6340 srv - ok 23:02:30.0245 6340 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:02:30.0256 6340 srv2 - ok 23:02:30.0261 6340 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:02:30.0270 6340 srvnet - ok 23:02:30.0275 6340 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:02:30.0300 6340 SSDPSRV - ok 23:02:30.0304 6340 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:02:30.0326 6340 SstpSvc - ok 23:02:30.0329 6340 Steam Client Service - ok 23:02:30.0331 6340 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:02:30.0338 6340 stexstor - ok 23:02:30.0346 6340 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:02:30.0366 6340 stisvc - ok 23:02:30.0369 6340 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 23:02:30.0374 6340 storflt - ok 23:02:30.0376 6340 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 23:02:30.0385 6340 StorSvc - ok 23:02:30.0388 6340 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 23:02:30.0394 6340 storvsc - ok 23:02:30.0396 6340 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum 
C:\Windows\system32\drivers\swenum.sys 23:02:30.0401 6340 swenum - ok 23:02:30.0410 6340 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:02:30.0440 6340 swprv - ok 23:02:30.0461 6340 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:02:30.0499 6340 SysMain - ok 23:02:30.0503 6340 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:02:30.0515 6340 TabletInputService - ok 23:02:30.0518 6340 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys 23:02:30.0524 6340 tap0901t ( UnsignedFile.Multi.Generic ) - warning 23:02:30.0524 6340 tap0901t - detected UnsignedFile.Multi.Generic (1) 23:02:30.0530 6340 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:02:30.0556 6340 TapiSrv - ok 23:02:30.0558 6340 TBPanel - ok 23:02:30.0561 6340 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:02:30.0584 6340 TBS - ok 23:02:30.0601 6340 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:02:30.0633 6340 Tcpip - ok 23:02:30.0649 6340 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:02:30.0673 6340 TCPIP6 - ok 23:02:30.0676 6340 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:02:30.0684 6340 tcpipreg - ok 23:02:30.0686 6340 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:02:30.0695 6340 TDPIPE - ok 23:02:30.0696 6340 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:02:30.0704 6340 TDTCP - ok 23:02:30.0708 6340 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:02:30.0731 6340 tdx - ok 23:02:30.0764 6340 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 23:02:30.0794 6340 TeamViewer7 - ok 23:02:30.0798 6340 [ 
561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:02:30.0804 6340 TermDD - ok 23:02:30.0814 6340 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:02:30.0845 6340 TermService - ok 23:02:30.0849 6340 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:02:30.0859 6340 Themes - ok 23:02:30.0863 6340 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:02:30.0884 6340 THREADORDER - ok 23:02:30.0888 6340 [ D1FF64383632D3BF0C14E309759C2403 ] Tomcat6 C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6.exe 23:02:30.0906 6340 Tomcat6 ( UnsignedFile.Multi.Generic ) - warning 23:02:30.0906 6340 Tomcat6 - detected UnsignedFile.Multi.Generic (1) 23:02:30.0944 6340 TRIXX - ok 23:02:30.0966 6340 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:02:30.0996 6340 TrkWks - ok 23:02:31.0001 6340 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:02:31.0024 6340 TrustedInstaller - ok 23:02:31.0030 6340 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:02:31.0051 6340 tssecsrv - ok 23:02:31.0055 6340 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:02:31.0063 6340 TsUsbFlt - ok 23:02:31.0066 6340 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:02:31.0089 6340 tunnel - ok 23:02:31.0100 6340 [ 7A34128510EEB13CF8583531C8FB081C ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe 23:02:31.0563 6340 TunngleService ( UnsignedFile.Multi.Generic ) - warning 23:02:31.0563 6340 TunngleService - detected UnsignedFile.Multi.Generic (1) 23:02:31.0566 6340 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:02:31.0574 6340 uagp35 - ok 23:02:31.0579 6340 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs 
C:\Windows\system32\DRIVERS\udfs.sys 23:02:31.0606 6340 udfs - ok 23:02:31.0610 6340 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:02:31.0619 6340 UI0Detect - ok 23:02:31.0621 6340 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:02:31.0629 6340 uliagpkx - ok 23:02:31.0631 6340 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:02:31.0639 6340 umbus - ok 23:02:31.0641 6340 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:02:31.0649 6340 UmPass - ok 23:02:31.0654 6340 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 23:02:31.0665 6340 UmRdpService - ok 23:02:31.0666 6340 UNS - ok 23:02:31.0674 6340 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:02:31.0701 6340 upnphost - ok 23:02:31.0705 6340 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 23:02:31.0711 6340 USBAAPL64 - ok 23:02:31.0715 6340 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:02:31.0725 6340 usbaudio - ok 23:02:31.0729 6340 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:02:31.0738 6340 usbccgp - ok 23:02:31.0740 6340 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:02:31.0750 6340 usbcir - ok 23:02:31.0754 6340 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:02:31.0761 6340 usbehci - ok 23:02:31.0766 6340 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:02:31.0779 6340 usbhub - ok 23:02:31.0781 6340 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:02:31.0788 6340 usbohci - ok 23:02:31.0790 6340 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:02:31.0799 6340 usbprint - ok 
23:02:31.0803 6340 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:02:31.0811 6340 USBSTOR - ok 23:02:31.0814 6340 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:02:31.0820 6340 usbuhci - ok 23:02:31.0823 6340 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 23:02:31.0830 6340 usb_rndisx - ok 23:02:31.0833 6340 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:02:31.0855 6340 UxSms - ok 23:02:31.0858 6340 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:02:31.0865 6340 VaultSvc - ok 23:02:31.0870 6340 [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 23:02:31.0878 6340 VBoxDrv - ok 23:02:31.0881 6340 [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 23:02:31.0888 6340 VBoxNetAdp - ok 23:02:31.0891 6340 [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 23:02:31.0898 6340 VBoxNetFlt - ok 23:02:31.0901 6340 [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 23:02:31.0908 6340 VBoxUSBMon - ok 23:02:31.0910 6340 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:02:31.0916 6340 vdrvroot - ok 23:02:31.0925 6340 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:02:31.0954 6340 vds - ok 23:02:31.0956 6340 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:02:31.0965 6340 vga - ok 23:02:31.0968 6340 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:02:31.0990 6340 VgaSave - ok 23:02:31.0995 6340 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:02:32.0005 6340 vhdmp - ok 23:02:32.0006 6340 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:02:32.0013 
6340 viaide - ok 23:02:32.0018 6340 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 23:02:32.0026 6340 vmbus - ok 23:02:32.0029 6340 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 23:02:32.0035 6340 VMBusHID - ok 23:02:32.0039 6340 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:02:32.0045 6340 volmgr - ok 23:02:32.0051 6340 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:02:32.0064 6340 volmgrx - ok 23:02:32.0069 6340 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:02:32.0079 6340 volsnap - ok 23:02:32.0084 6340 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:02:32.0093 6340 vsmraid - ok 23:02:32.0113 6340 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:02:32.0161 6340 VSS - ok 23:02:32.0164 6340 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:02:32.0173 6340 vwifibus - ok 23:02:32.0180 6340 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:02:32.0208 6340 W32Time - ok 23:02:32.0211 6340 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:02:32.0219 6340 WacomPen - ok 23:02:32.0221 6340 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:02:32.0244 6340 WANARP - ok 23:02:32.0246 6340 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:02:32.0268 6340 Wanarpv6 - ok 23:02:32.0286 6340 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:02:32.0316 6340 wbengine - ok 23:02:32.0321 6340 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:02:32.0335 6340 WbioSrvc - ok 23:02:32.0341 6340 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:02:32.0358 6340 
wcncsvc - ok 23:02:32.0360 6340 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:02:32.0368 6340 WcsPlugInService - ok 23:02:32.0370 6340 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:02:32.0376 6340 Wd - ok 23:02:32.0386 6340 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:02:32.0405 6340 Wdf01000 - ok 23:02:32.0408 6340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:02:32.0433 6340 WdiServiceHost - ok 23:02:32.0435 6340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:02:32.0446 6340 WdiSystemHost - ok 23:02:32.0451 6340 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:02:32.0466 6340 WebClient - ok 23:02:32.0471 6340 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:02:32.0498 6340 Wecsvc - ok 23:02:32.0501 6340 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:02:32.0524 6340 wercplsupport - ok 23:02:32.0528 6340 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:02:32.0551 6340 WerSvc - ok 23:02:32.0554 6340 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:02:32.0575 6340 WfpLwf - ok 23:02:32.0578 6340 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:02:32.0584 6340 WIMMount - ok 23:02:32.0585 6340 WinDefend - ok 23:02:32.0589 6340 WinHttpAutoProxySvc - ok 23:02:32.0598 6340 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:02:32.0624 6340 Winmgmt - ok 23:02:32.0650 6340 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:02:32.0703 6340 WinRM - ok 23:02:32.0708 6340 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:02:32.0718 6340 WinUsb - ok 23:02:32.0731 6340 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:02:32.0754 6340 Wlansvc - ok 23:02:32.0756 6340 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:02:32.0764 6340 WmiAcpi - ok 23:02:32.0770 6340 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:02:32.0781 6340 wmiApSrv - ok 23:02:32.0783 6340 WMPNetworkSvc - ok 23:02:32.0785 6340 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:02:32.0794 6340 WPCSvc - ok 23:02:32.0798 6340 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:02:32.0811 6340 WPDBusEnum - ok 23:02:32.0814 6340 [ 754C8BF43F0DD4B54865F174A62761E9 ] WRfiltv C:\Windows\system32\drivers\WRfiltv.sys 23:02:32.0820 6340 WRfiltv - ok 23:02:32.0823 6340 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:02:32.0844 6340 ws2ifsl - ok 23:02:32.0848 6340 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 23:02:32.0859 6340 wscsvc - ok 23:02:32.0861 6340 WSearch - ok 23:02:32.0889 6340 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:02:32.0935 6340 wuauserv - ok 23:02:32.0938 6340 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:02:32.0946 6340 WudfPf - ok 23:02:32.0951 6340 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:02:32.0960 6340 WUDFRd - ok 23:02:32.0964 6340 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:02:32.0973 6340 wudfsvc - ok 23:02:32.0978 6340 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:02:32.0991 6340 WwanSvc - ok 23:02:32.0995 6340 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 23:02:33.0003 6340 xusb21 - ok 23:02:33.0011 6340 ================ Scan global =============================== 23:02:33.0014 6340 [ 
BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:02:33.0019 6340 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:02:33.0025 6340 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:02:33.0028 6340 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:02:33.0034 6340 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:02:33.0038 6340 [Global] - ok 23:02:33.0038 6340 ================ Scan MBR ================================== 23:02:33.0039 6340 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:02:33.0135 6340 \Device\Harddisk0\DR0 - ok 23:02:33.0138 6340 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 23:02:33.0154 6340 \Device\Harddisk1\DR1 - ok 23:02:33.0156 6340 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2 23:02:33.0361 6340 \Device\Harddisk2\DR2 - ok 23:02:33.0361 6340 ================ Scan VBR ================================== 23:02:33.0364 6340 [ 4A8A31793207ADE0F4E3D2A611EBD582 ] \Device\Harddisk0\DR0\Partition1 23:02:33.0365 6340 \Device\Harddisk0\DR0\Partition1 - ok 23:02:33.0368 6340 [ E1702320DFA8411346D5FB264C4D0B3F ] \Device\Harddisk1\DR1\Partition1 23:02:33.0369 6340 \Device\Harddisk1\DR1\Partition1 - ok 23:02:33.0373 6340 [ 00571121EE08604E54F1139D58373C1E ] \Device\Harddisk2\DR2\Partition1 23:02:33.0374 6340 \Device\Harddisk2\DR2\Partition1 - ok 23:02:33.0376 6340 [ E385006E0BB2F0BA294685AA63FBAC8D ] \Device\Harddisk2\DR2\Partition2 23:02:33.0393 6340 \Device\Harddisk2\DR2\Partition2 - ok 23:02:33.0395 6340 [ 33DF9218403A41F2F334FB1A057F904D ] \Device\Harddisk2\DR2\Partition3 23:02:33.0396 6340 \Device\Harddisk2\DR2\Partition3 - ok 23:02:33.0398 6340 ============================================================ 23:02:33.0398 6340 Scan finished 23:02:33.0398 6340 ============================================================ 23:02:33.0406 6328 Detected object count: 13 23:02:33.0406 6328 Actual detected object count: 
13 23:02:39.0893 6328 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0893 6328 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0893 6328 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0893 6328 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0894 6328 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0894 6328 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0894 6328 NovacomD ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0894 6328 NovacomD ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0895 6328 Palm_TCP_Relay ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0895 6328 Palm_TCP_Relay ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0895 6328 pgsql-8.2 ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0895 6328 pgsql-8.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0897 6328 PST Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0897 6328 PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0898 6328 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0898 6328 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0898 6328 ServiceControl_RTE23_3S_GmbH ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0898 6328 ServiceControl_RTE23_3S_GmbH ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0899 6328 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0899 6328 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0899 6328 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0899 6328 
tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0900 6328 Tomcat6 ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0900 6328 Tomcat6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:39.0902 6328 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:39.0902 6328 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
30.11.2012, 09:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) adwCleaner - Detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
30.11.2012, 16:37 | #9 |
| Web.de (Mail delivery failed) So, here is the log from AdwCleaner. Was the log from Avast Killer unremarkable so far? By the way, thanks again for your efforts. Code:
# AdwCleaner v2.010 - Datei am 30/11/2012 um 16:35:14 erstellt
# Aktualisiert am 29/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : neon - NEON-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\neon\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\neon\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v10.0 (de)

Profilname : default
Datei : C:\Users\neon\AppData\Roaming\Mozilla\Firefox\Profiles\idg4kh9n.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.91

Datei : C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1117 octets] - [30/11/2012 16:35:14]

########## EOF - C:\AdwCleaner[R1].txt - [1177 octets] ########## |
30.11.2012, 21:18 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) adwCleaner - Removing toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
01.12.2012, 12:43 | #11 |
| Web.de (Mail delivery failed) adwCleaner log from the deletion run: Code:
# AdwCleaner v2.010 - Datei am 01/12/2012 um 12:29:52 erstellt
# Aktualisiert am 29/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : neon - NEON-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\neon\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\neon\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v10.0 (de)

Profilname : default
Datei : C:\Users\neon\AppData\Roaming\Mozilla\Firefox\Profiles\idg4kh9n.default\prefs.js

C:\Users\neon\AppData\Roaming\Mozilla\Firefox\Profiles\idg4kh9n.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1246 octets] - [01/12/2012 12:29:39]
AdwCleaner[S1].txt - [1277 octets] - [01/12/2012 12:29:52]

########## EOF - C:\AdwCleaner[S1].txt - [1337 octets] ##########

OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.12.2012 12:34:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = G:\DownLoad 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,92 Gb Total Physical Memory | 3,99 Gb Available Physical Memory | 67,38% Memory free 11,83 Gb Paging File | 9,43 Gb Available in Paging File | 79,70% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 3,06 Gb Free Space | 5,14% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 67,62 Gb Free Space | 34,62% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 714,70 Gb Free Space | 38,36% Space Free | Partition Type: NTFS Drive F: | 488,28 Gb Total Space | 55,00 Gb Free Space | 11,26% Space Free | Partition Type: NTFS Drive G: | 247,91 Gb Total Space | 26,89 Gb Free Space | 10,85% Space Free | Partition Type: NTFS Drive Z: | 591,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NEON-PC | User Name: neon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\DownLoad\OTL.exe (OldTimer Tools) PRC - C:\Users\neon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () PRC - C:\Program Files (x86)\3S Software\CoDeSys SP RTE\ServiceControl_RTE23.exe (3S-Smart Software Solutions GmbH) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\PostgreSQL\8.2\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll () MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll () MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll () MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll () MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll () MOD - C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c4eb7af61b41a2bc836352bc30f88f14\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59d00fa60a9e559f8717404a5032e6ba\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () MOD - C:\Programme\TortoiseSVN\bin\libsasl32.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () SRV - (ServiceControl_RTE23_3S_GmbH) -- C:\Program Files (x86)\3S Software\CoDeSys SP RTE\ServiceControl_RTE23.exe (3S-Smart Software Solutions GmbH) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (pgsql-8.2) -- C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Tomcat6) -- C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6.exe (Apache Software Foundation) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\RpcAgentSrv.exe (SiSoftware) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc) DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc) DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc) DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc) DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (WRfiltv) -- C:\Windows\SysNative\drivers\WRfiltv.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) 
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\WNt500x64\sandra.sys (SiSoftware) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 11 21 80 10 9C CD 01 [binary data] IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\SearchScopes\{5245B0E8-C262-438f-BE22-8193FD3EA43C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 8F C9 1F 71 84 CC 01 [binary data] IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\SearchScopes\{5245B0E8-C262-438f-BE22-8193FD3EA43C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local ========== FireFox ========== FF - 
prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: F:\Shootmania Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\neon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\neon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\neon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\neon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\neon\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.09 10:59:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.09 10:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neon\AppData\Roaming\mozilla\Extensions [2012.10.10 18:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neon\AppData\Roaming\mozilla\Firefox\Profiles\idg4kh9n.default\extensions [2012.10.10 18:42:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\neon\AppData\Roaming\mozilla\Firefox\Profiles\idg4kh9n.default\extensions\ich@maltegoetz.de [2012.09.24 18:00:32 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\neon\AppData\Roaming\mozilla\firefox\profiles\idg4kh9n.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.17 19:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.31 10:45:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.28 20:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\eBay-de.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\neon\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\neon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: GWT DMP Plugin (Enabled) = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.9738_0\WINNT_x86-msvc/npGwtDevPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files 
(x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Angry Birds = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Google Drive = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Turn Off the 
Lights = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.17_0\ CHR - Extension: YouTube = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\ CHR - Extension: Angry Birds Space = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmcjfbmlohmjkpbchljecehcpnpkmpog\1.6_0\ CHR - Extension: Google News = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Proxy SwitchySharp = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.49_0\ CHR - Extension: Gmail offline = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\ CHR - Extension: Google Kalender = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Gtalk = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhdmanlbebkeibbfagebjpolgejfnpl\4.3_0\ CHR - Extension: Stoppuhr / Timer = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\ CHR - Extension: AdBlock = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\ CHR - Extension: Spotify Chrome Extension = 
C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb\1.0.3_0\ CHR - Extension: WebRC = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmihojfcjdmpmpfbjajkfpbhgieibpi\1_0\ CHR - Extension: Dropbox = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\ CHR - Extension: Disconnect = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\ CHR - Extension: OpenOffice Document Reader = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\ CHR - Extension: GWT Developer Plugin = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.11338_0\ CHR - Extension: Rechner = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao\1.0.9_0\ CHR - Extension: YouTube Downloader = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecinmfhadegpcdocbpfdgffjopphmoa\11.0_0\ CHR - Extension: Google Mail-Checker = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: Quick Note = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\ CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\ CHR - Extension: Google Docs Viewer f\u00FCr PDF/PowerPoint (von Google) = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: Google Mail = 
C:\Users\neon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [Spotify] C:\Users\neon\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000..\Run: [Spotify Web Helper] C:\Users\neon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [ApacheTomcatMonitor6.0_Tomcat6] C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6w.exe 
(Apache Software Foundation) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [chromium] C:\Users\postgres\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window File not found O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [Spotify] C:\Users\neon\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\Run: [Spotify Web Helper] C:\Users\neon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\neon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\neon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\neon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\neon\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\neon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 
10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E65E2C-651D-4923-AD76-C2760884E295}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.27 22:19:48 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.04.14 13:00:00 | 000,000,112 | R--- | M] () - Z:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{93226554-f052-11e0-a30a-002522cc4d75}\Shell - "" = AutoRun O33 - MountPoints2\{93226554-f052-11e0-a30a-002522cc4d75}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- [2008.04.14 13:00:00 | 002,584,576 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{9a442f9a-1833-11e1-9693-002522cc4d75}\Shell - "" = AutoRun O33 - MountPoints2\{9a442f9a-1833-11e1-9693-002522cc4d75}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\index.html O33 - MountPoints2\{f1d0312e-16ef-11e2-809e-002522cc4d75}\Shell - "" = AutoRun O33 - MountPoints2\{f1d0312e-16ef-11e2-809e-002522cc4d75}\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.29 23:00:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.23 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\neon\Documents\Calibre Bibliothek [2012.11.23 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\neon\AppData\Roaming\calibre [2012.11.23 17:15:49 | 000,000,000 | ---D 
| C] -- C:\Program Files (x86)\Calibre2 [2012.11.23 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012.11.18 23:12:17 | 000,000,000 | --SD | C] -- C:\Users\neon\Documents\Meine Datenquellen [2012.11.16 18:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hulumuluch [2012.11.16 14:39:19 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.16 14:39:19 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.16 14:39:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.16 14:39:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.16 14:39:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.16 14:39:17 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.16 14:39:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.16 14:39:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.16 14:39:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.16 14:39:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.16 14:39:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.13 19:50:03 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.13 19:50:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.13 19:46:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.13 19:46:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll 
[2012.11.13 19:46:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.13 19:46:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.13 19:46:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.13 19:46:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.13 19:46:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.13 19:46:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.13 19:46:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.13 19:46:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.13 19:46:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.13 19:46:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.13 19:46:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.13 19:46:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.13 19:46:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.13 19:46:32 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.13 19:46:31 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.13 19:46:31 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.13 19:46:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.13 15:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.2 [2012.11.02 22:18:43 | 000,000,000 | ---D | C] -- 
C:\Users\neon\AppData\Local\Painkiller Redemption [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.01 12:31:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.01 12:31:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.01 12:31:01 | 469,766,143 | -HS- | M] () -- C:\hiberfil.sys [2012.12.01 12:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.01 12:14:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000UA.job [2012.12.01 12:10:20 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.01 12:10:20 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.01 12:09:05 | 001,622,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.01 12:09:05 | 000,700,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.01 12:09:05 | 000,655,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.01 12:09:05 | 000,149,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.01 12:09:05 | 000,121,946 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.01 12:03:08 | 000,373,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.30 23:52:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.30 22:00:20 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000UA.job [2012.11.30 17:14:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000Core.job [2012.11.30 16:34:22 | 000,533,705 | ---- | M] () -- 
C:\Users\neon\Desktop\adwcleaner.exe [2012.11.30 13:44:33 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1648228069-3097862834-1251921153-1000Core.job [2012.11.29 23:11:17 | 000,000,512 | ---- | M] () -- C:\Users\neon\Desktop\MBR.dat [2012.11.27 22:34:43 | 000,046,785 | ---- | M] () -- C:\Users\neon\Desktop\Logbuch_TT.pdf [2012.11.25 15:50:19 | 000,000,201 | ---- | M] () -- C:\Users\neon\Desktop\Dead Space.url [2012.11.25 15:49:12 | 000,000,201 | ---- | M] () -- C:\Users\neon\Desktop\Metro 2033.url [2012.11.25 13:55:26 | 000,074,946 | ---- | M] () -- C:\Users\neon\Documents\150234_447719185291747_1822559502_n.jpg [2012.11.24 13:27:30 | 000,000,199 | ---- | M] () -- C:\Users\neon\Desktop\Dota 2.url [2012.11.24 13:10:02 | 000,062,542 | ---- | M] () -- C:\Users\neon\Desktop\tuscan.png [2012.11.23 13:35:10 | 000,001,796 | ---- | M] () -- C:\Users\neon\Desktop\Hitman.lnk [2012.11.23 11:27:47 | 001,169,978 | ---- | M] () -- C:\Users\neon\Desktop\Ein plotzlicher Todesfall - Joanne K. Rowling.epub [2012.11.21 18:05:54 | 000,026,319 | ---- | M] () -- C:\Users\neon\Desktop\Moduluebersicht.class.violet [2012.11.16 18:07:02 | 000,000,699 | ---- | M] () -- C:\Users\neon\Desktop\Call of Duty Black Ops II.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | M] () -- C:\Users\neon\Desktop\Call of Duty Black Ops II - Zombies.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | M] () -- C:\Users\neon\Desktop\Call of Duty Black Ops II - Multiplayer.lnk [2012.11.13 18:27:48 | 000,032,837 | ---- | M] () -- C:\Users\neon\Desktop\pacmanBildmontage.png [2012.11.01 17:36:56 | 000,000,200 | ---- | M] () -- C:\Users\neon\Desktop\S.T.A.L.K.E.R. 
Shadow of Chernobyl.url [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.01 12:28:33 | 000,533,705 | ---- | C] () -- C:\Users\neon\Desktop\adwcleaner.exe [2012.11.29 22:56:48 | 000,000,512 | ---- | C] () -- C:\Users\neon\Desktop\MBR.dat [2012.11.27 22:30:28 | 000,046,785 | ---- | C] () -- C:\Users\neon\Desktop\Logbuch_TT.pdf [2012.11.25 15:50:19 | 000,000,201 | ---- | C] () -- C:\Users\neon\Desktop\Dead Space.url [2012.11.25 15:49:12 | 000,000,201 | ---- | C] () -- C:\Users\neon\Desktop\Metro 2033.url [2012.11.25 13:55:23 | 000,074,946 | ---- | C] () -- C:\Users\neon\Documents\150234_447719185291747_1822559502_n.jpg [2012.11.24 13:27:30 | 000,000,199 | ---- | C] () -- C:\Users\neon\Desktop\Dota 2.url [2012.11.24 13:10:02 | 000,062,542 | ---- | C] () -- C:\Users\neon\Desktop\tuscan.png [2012.11.23 17:18:57 | 001,169,978 | ---- | C] () -- C:\Users\neon\Desktop\Ein plotzlicher Todesfall - Joanne K. Rowling.epub [2012.11.23 13:35:10 | 000,001,796 | ---- | C] () -- C:\Users\neon\Desktop\Hitman.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | C] () -- C:\Users\neon\Desktop\Call of Duty Black Ops II.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | C] () -- C:\Users\neon\Desktop\Call of Duty Black Ops II - Zombies.lnk [2012.11.16 18:07:02 | 000,000,699 | ---- | C] () -- C:\Users\neon\Desktop\Call of Duty Black Ops II - Multiplayer.lnk [2012.11.13 19:50:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.13 19:46:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.13 18:23:18 | 000,032,837 | ---- | C] () -- C:\Users\neon\Desktop\pacmanBildmontage.png [2012.11.01 17:36:56 | 000,000,200 | ---- | C] () -- C:\Users\neon\Desktop\S.T.A.L.K.E.R. 
Shadow of Chernobyl.url [2012.10.24 05:27:50 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.10.23 10:50:14 | 000,000,173 | ---- | C] () -- C:\Users\neon\AppData\Local\msmathematics.qat.neon [2012.05.01 17:55:59 | 000,000,771 | ---- | C] () -- C:\Users\neon\eclipse.lnk [2012.04.24 14:07:59 | 000,000,233 | ---- | C] () -- C:\Windows\FTRUN32.INI [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.06 00:11:15 | 000,007,617 | ---- | C] () -- C:\Users\neon\AppData\Local\Resmon.ResmonCfg [2012.03.01 17:16:50 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.01 17:16:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.03.01 17:16:50 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.03.01 17:16:49 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.03.01 16:42:16 | 000,000,906 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.03.01 16:42:08 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.03.01 16:42:08 | 000,000,560 | ---- | C] () -- C:\Windows\cmudaxp.ini [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.30 21:28:41 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.01.30 21:26:09 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.01.22 20:11:09 | 050,225,240 | ---- | C] () -- C:\Users\neon\AppData\Roaming\.minecraft.rar [2011.11.08 19:42:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.28 16:56:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.10.28 13:16:10 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.28 13:16:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.06 22:12:24 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2011.10.06 
22:12:24 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2011.10.06 22:12:24 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2011.10.06 22:12:15 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.10.06 22:12:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.10.06 22:06:59 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.10.06 22:06:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.06 22:06:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.10.06 22:06:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.06 22:06:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.10.06 21:38:00 | 011,157,504 | ---- | C] () -- C:\Users\neon\AppData\Roaming\Sandra.mdb [2011.10.06 21:11:40 | 001,642,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 356 bytes -> C:\Users\neon\Desktop\2012-08-29 16.38.37.jpg:com.dropbox.attributes < End of report > [/Code] |
01.12.2012, 12:43 | #12 |
| Web.de (Mail delivery failed)
OTL Scan Extras.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.12.2012 12:34:17 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = G:\DownLoad
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,92 Gb Total Physical Memory | 3,99 Gb Available Physical Memory | 67,38% Memory free
11,83 Gb Paging File | 9,43 Gb Available in Paging File | 79,70% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 3,06 Gb Free Space | 5,14% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 67,62 Gb Free Space | 34,62% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 714,70 Gb Free Space | 38,36% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 55,00 Gb Free Space | 11,26% Space Free | Partition Type: NTFS
Drive G: | 247,91 Gb Total Space | 26,89 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive Z: | 591,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NEON-PC | User Name: neon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8AE973A8-743C-4775-906E-5ED4DCCFD55F}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
"{A5DD8C8B-AC30-4D3F-87FC-D2D57AC48EAD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp4a\rpcagentsrv.exe |
"{AF964F62-8263-480B-B549-B6DFA006A89D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp4a\wnt500x64\rpcsandrasrv.exe |
"{E9EFC88D-0CA2-47F4-873A-FC157C93EE9F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active
Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009ED420-B5FF-4496-B3B6-5C76ED5D3574}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{0247B09D-B5CF-46E7-B5AB-798F6653FE60}" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii.exe | "{04759099-441B-48FD-AA14-BAEE2F332E53}" = protocol=6 | dir=in | app=f:\steam\steamapps\tobiasxxxl\counter-strike source\hl2.exe | "{05F1C79B-A16A-4FA5-A30F-33C7F2EA17BF}" = protocol=17 | dir=in | app=c:\users\neon\appdata\local\google\google talk plugin\googletalkplugin.exe | "{06AE00A6-7766-4272-8F70-2B2257062019}" = protocol=17 | dir=in | app=c:\diablo iii\diablo iii.exe | "{087F47FB-3792-4910-93A6-6694EAD72CF7}" = protocol=17 | dir=in | app=f:\assasins creed 4\acrsp.exe | "{08C091CA-43C7-46A1-986F-BB714381C7B8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{08E634B5-0FCC-4265-8647-77673FB66AED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0A95822C-BD48-4CCB-B22E-398BE6CA4B76}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0C0D65E8-65E2-464C-99AE-B0F7091E1508}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{0DABA467-E162-4C0E-9544-16C4940909CA}" = protocol=6 | dir=in | app=f:\steam\steam.exe | "{0DBA7D69-A05B-4EF1-9C42-D4575D7A35C0}" = protocol=6 | dir=in | app=c:\users\neon\appdata\roaming\spotify\spotify.exe | "{103431EB-9FC8-4804-93DA-A474EFE0D6F4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\dota.exe | "{11685473-79EB-432D-9F96-258B36F94AAA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{13CF147E-7947-44B0-9CD7-7A3E89AB6C13}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{14055EBB-D8F9-4AFE-8DDC-0038E1AFB6A4}" = protocol=6 
| dir=in | app=f:\steam\steamapps\common\painkiller redemption\bin\redemption.exe | "{14F73C78-E001-46FB-A70A-E1E8E34DEEF4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\dota.exe | "{1599CAC5-99F8-47ED-94FB-CC44E8D0343D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{15CE38A2-06A1-4573-9163-8A2E57A44306}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\painkiller redemption\bin\redemptioneditor.exe | "{15D18DFA-05A0-4C17-8117-67D473690E93}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\painkiller redemption\bin\redemptioneditor.exe | "{167E130A-13CE-4DA5-AC66-458E3B2179C3}" = protocol=17 | dir=in | app=c:\users\neon\appdata\roaming\dropbox\bin\dropbox.exe | "{16C1DA6E-C041-42E4-831F-395268F13C11}" = protocol=6 | dir=in | app=c:\windows\syswow64\gateway.exe | "{17947160-1210-4CFA-8014-845F6242ABFB}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead space\dead space.exe | "{180ACBB4-AEC8-46AF-B7E0-C3E0D33E824C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{19308FE9-F183-4A76-826B-2FEE73210489}" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii.exe | "{1936E1DD-1DC9-46B4-8E79-32B1C60EFEE0}" = protocol=6 | dir=in | app=f:\anno 2070\initengine.exe | "{19CEE1A3-90CB-4D36-8CE2-88CA8C9172FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | "{19D2642D-0FC5-4325-AB65-0FDF33802CE8}" = protocol=17 | dir=in | app=f:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{1C359B33-8C03-453C-B53D-6CF70E5013BB}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{1CFB7C1F-CAFD-4FD5-A9CC-9038E4FC5B0E}" = protocol=6 | dir=in | app=c:\users\neon\appdata\roaming\dropbox\bin\dropbox.exe | "{1DD6A41F-83E6-4E67-96A6-E47D072891ED}" = dir=out | app=%programfiles% (x86)\rockstar games\social club\renderer.exe | "{1E9C0609-5E59-4B9E-B056-927C2880AF11}" = protocol=6 | dir=in | 
app=f:\anno 2070\anno5.exe | "{1ECD1181-965C-407E-B6E1-B653901F77CF}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{1F65CA4F-6818-4123-84D9-E36127D74CED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{204AF049-FAD2-4C94-B249-C2C5EC9ECA93}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{208636BD-4C0A-4D1F-9EB2-1577169827FA}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\metro 2033\metro2033.exe | "{20BE8294-9BEC-4865-A4B1-1DB656D1B3B5}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | "{22E6C43F-4B76-4A93-BE1D-9ABDB5499E2E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{235408D9-9B70-4DCE-8515-E7839357AD0A}" = protocol=17 | dir=in | app=f:\steam\steam.exe | "{253A9548-89CC-45D5-8D55-C25EF30F08AE}" = protocol=17 | dir=in | app=f:\anno 2070\initengine.exe | "{27BD6F18-E4D1-4CB4-912A-57723EBB2906}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{2DFD62A3-01EA-4D53-A34B-F1B0DF99EC76}" = protocol=6 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | "{330B721A-A6F9-4CB8-A9C9-10857C669524}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{34A22D4F-4440-4F8B-8D94-CDD66017D9B0}" = protocol=6 | dir=in | app=f:\assasins creed 4\assassinscreedrevelations.exe | "{36006B96-A971-4C54-8E0B-D0F191FA70C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{3644DA4D-5B35-48D6-BC90-942A7D041CAE}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | "{3828F599-414A-4534-841F-F75B002BECAF}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.patch.exe | "{3AF47058-BB91-4ABE-B659-246475BE956C}" = protocol=17 | dir=in | app=f:\anno 2070\anno5.exe | "{3C879B59-2B2C-4E57-B533-A1EF59ECF5D4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dota 2 test\dota.exe | 
"{41F13BD1-92C8-4815-89BC-FFDE6F358C3E}" = protocol=6 | dir=in | app=f:\steam\steamapps\tobiasxxxl\counter-strike\hl.exe | "{4376198F-3479-4470-8767-18CA50C10352}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | "{44C7EB12-3503-495A-ACB2-2459473E723A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{482E87D5-F063-47C7-8A41-4F4CFE1AEDEA}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | "{488D8E1A-6A91-4C1F-B0C6-1E474CB59CB4}" = protocol=17 | dir=in | app=f:\maxpayne3\playmaxpayne3.exe | "{4A62E13E-49EF-4AC9-8BFA-5C2D5D90AA04}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fear2\fear2.exe | "{4B53E29D-72D2-4DF7-B6C2-E7B455DD3C82}" = dir=out | app=f:\lfs\keygenz28.exe | "{4C5A15CE-4235-40EA-8123-DE1B71434082}" = protocol=17 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | "{4F1E84AA-32F0-4B4B-94B7-C9A82102F8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{524F4115-5496-4C9F-8F5B-F0659577AA7D}" = protocol=6 | dir=in | app=f:\battlefield 3\battlefield 3\bf3.exe | "{539E76F2-1B2B-4D60-BBEC-F290949CEC74}" = protocol=17 | dir=in | app=f:\l.a. noire\lanlauncher.exe | "{53E36C19-11FA-4B6A-A8A0-FE6A92668814}" = protocol=17 | dir=in | app=f:\assasins creed 4\acrmp.exe | "{570C892C-CC29-45FA-8C65-9BD655E01F18}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{57B93391-1CD5-4E6F-A05E-5701276C38ED}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | "{58B98AA2-A3BB-4048-84C4-159A7BF5514C}" = protocol=17 | dir=in | app=f:\anno 2070\autopatcher.exe | "{58DA13E0-47A6-4436-82E2-2C476D10DC36}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | "{5971B30B-5DDA-4C38-A720-393133180FB4}" = dir=out | app=f:\l.a. 
noire\lanoire.exe | "{5B2FFE76-0838-4F71-BE28-56DECBD26B59}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{5BAB8909-ABD2-43AF-9582-ABC483C82CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{5C222F2D-08E0-42FF-9519-69FABC9CCD5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5C428308-78B5-4C47-A485-9220B648E2C6}" = dir=in | app=f:\crysis 2\bin32\crysis2launcher.exe | "{5C732F24-9A66-4873-ACC7-EBF07653D705}" = protocol=17 | dir=in | app=f:\battlefield 3\battlefield 3\bf3.exe | "{5D2C224E-3779-4078-9956-9D46CFDF56AA}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{6105E376-105E-4BE9-A5E7-A921BD13A58D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{61C79A4D-2F6F-42EB-8B9D-C18214997CAF}" = protocol=6 | dir=in | app=f:\tom clancy's splinter cell conviction\src\system\gu.exe | "{6334F3A6-A5BC-4E26-9095-E524004499CE}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.patch.exe | "{6704CAD3-B7C9-4B23-9790-53E81375AA62}" = dir=out | app=f:\l.a. 
noire\lanlauncher.exe | "{675E91F5-F03A-4D34-8FF0-48D1AA9A3E8D}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\splinter cell\system\splintercell.exe | "{6AEB3F7C-2F22-4841-A95D-CC2D420C10CF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{6B88455C-4446-4D25-BF3A-A642BE19A906}" = protocol=17 | dir=in | app=c:\users\neon\appdata\roaming\spotify\spotify.exe | "{6EB47C17-D19A-47E5-8678-10BBF13D0F20}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{71379639-E7B6-4F14-B34D-FFEE6F2278DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{71E81792-6CE7-4BB6-B148-0EE09EA9DE39}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{7891349D-6681-4703-9596-5AA2E44D98DE}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{7A1394FE-B430-4C85-A018-68A86CD6D7E6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | "{7EA1822E-296D-4E1B-9063-96572F3E37B6}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\painkiller redemption\bin\redemption.exe | "{80AB3CCC-91B7-4601-B40D-07D2000EC337}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{811BFD9C-EDC4-48ED-A2B0-1B5D7274B3F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8199D3CC-0D8D-4C53-B8CB-479AC4657726}" = protocol=17 | dir=in | app=f:\games for windows\microsoft games\microsoft flight\flight.exe | "{81C6609B-8F40-4989-B943-96215A487E68}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{82ACC955-7FCE-4508-AF7F-DC80A6A14336}" = protocol=6 | dir=in | app=f:\anno 2070\autopatcher.exe | "{83634089-E67F-4624-9AA8-2D55EAFDF29E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{880AD506-F3E6-476E-AD9E-530B41066EE8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8A57FE31-1B2F-4639-98D4-40119BD4604E}" = protocol=6 | dir=in | app=f:\assasins creed 4\acrsp.exe | "{8F33F22B-30BB-4922-B549-459730F0A1AB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{8FE278B3-A4BF-4087-BF56-ADB434F59BED}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | "{92470FB1-4715-4345-97DD-48D5F2BC45A5}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fear2\fear2.exe | "{93FFE5FD-DC35-4953-9C60-569125C779A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{950C7FFF-035B-418D-B6F4-10512CC025E3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{9913948A-B44E-4CFA-9163-2408E6694299}" = dir=in | app=f:\command & conquer 3\retailexe\1.0\cnc3game.dat | "{9975A40B-4B82-42B0-B70C-5222B26934C1}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead space\dead space.exe | "{997CFE0E-1865-4C4B-A5F3-E7CBBA93A804}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{9C014FC1-DE86-4B06-AE6E-8121B7627184}" = dir=out | app=f:\crysis 2\bin32\crysis2launcher.exe | "{9E8F67EE-5BC8-40F8-8463-2507DBF4EDE1}" = protocol=17 | dir=in | app=f:\steam\steamapps\tobiasxxxl\counter-strike source\hl2.exe | "{A0C4F467-F092-465D-838F-D169AA454F35}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dota 2 test\dota.exe | "{A2A83926-3F6D-4DBC-A282-10EE0E8F14BB}" = dir=in | app=f:\crysis 2\bin32\crysis2launcher.exe | "{A5ECDCEC-5EEC-4937-91B5-AE1217784E46}" = protocol=17 | dir=in | app=f:\assasins creed 4\assassinscreedrevelations.exe | "{A6792081-24F4-49FA-829B-A181B8392FF2}" = protocol=6 | dir=in | app=f:\l.a. 
noire\lanlauncher.exe | "{A8E4EE15-40BC-4056-8C6B-82CCF77FBA93}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\splinter cell\system\splintercell.exe | "{AA177E6E-7997-434F-A6A3-603E3CE6BD43}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AA511CC4-91BC-4163-B039-A4FD845EBFAC}" = protocol=6 | dir=in | app=f:\games for windows\microsoft games\microsoft flight\flight.exe | "{AB768944-6ED6-416B-9EDA-E7C9DF933F24}" = protocol=17 | dir=in | app=f:\diablo iii beta\diablo iii.exe | "{ABB5EB8E-D085-4F26-BF0F-4922831B8956}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{B3E276B5-EB22-446D-BA34-D955E3C8C24A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{B58BB127-BDF2-4782-B905-8AD34824BDD5}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{B62C6F48-D84A-4217-8D6D-6F4CC913CF33}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{B946CB5F-CCD9-4586-83F8-6745874DE08D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{BE58A6BE-4086-4618-8A3C-AFE15EA2C87B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{BEAA303C-2F2B-4588-BDEB-39A1DF053C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C0CAFC2D-F99E-4C75-893D-C3772DF6062C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{C3888A52-B2F5-418D-A645-D15F8A9BCA09}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C4D36588-6C98-4A4C-BFA0-ADE25513C4EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\gateway.exe | "{C771978B-C7CB-4783-B981-8A1D65B23378}" = protocol=6 | dir=in | app=f:\assasins creed 4\acrmp.exe | "{C77A03D0-03B5-4085-A156-FBBB42C41084}" = protocol=6 | dir=in | app=f:\tom clancy's 
splinter cell conviction\src\system\conviction_game.exe | "{CB81A58B-EEA3-44FC-88A5-871C6193FB08}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | "{D3BC614A-31D5-407B-AF2A-3FEDC1F7B273}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D4F9AC8B-FF07-4E74-BD6C-C9AB7C8551CC}" = protocol=6 | dir=in | app=c:\diablo iii\diablo iii.exe | "{D587E6EF-FE1D-4EB8-B80F-7BD864C3E307}" = protocol=6 | dir=in | app=f:\diablo iii beta\diablo iii.exe | "{D6A5D8F4-57A5-4120-A76D-DB6445AF24B5}" = protocol=17 | dir=in | app=f:\steam\steamapps\tobiasxxxl\source sdk base 2007\hl2.exe | "{D6B5D33D-2D1C-4503-ACEF-CF353BC9BB12}" = protocol=6 | dir=in | app=f:\maxpayne3\playmaxpayne3.exe | "{D9A8E1E7-F312-4D80-8C63-3186C7F4BB0B}" = protocol=6 | dir=in | app=f:\steam\steamapps\tobiasxxxl\source sdk base 2007\hl2.exe | "{DBCAB217-6E91-497F-8211-AA785CD67998}" = protocol=6 | dir=in | app=c:\users\neon\appdata\local\google\google talk plugin\googletalkplugin.exe | "{DD6951B1-5929-4EF9-A281-30AADF93144A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{DEE5D4F5-A5C3-4D8D-B380-43EEB9302F54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E09685D6-3D1E-4993-9CE1-5560782F14CF}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{E156A044-6BE0-4661-A374-8E88D6E7D0C7}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | "{E1B8E1E6-831A-4503-872C-B1F9DF8F7AE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{E5157BD3-50DA-4879-9B35-FF6929D42B1A}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 
3.exe | "{E6961677-D452-4CF5-BB7D-90D721FE7378}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E9790A7F-CD69-441E-A4CB-686E8CDB5B0D}" = protocol=17 | dir=in | app=f:\tom clancy's splinter cell conviction\src\system\gu.exe | "{EC6E96FF-1E78-4EDD-8B49-A6E1010E05AC}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{ED5F9FFD-8EB8-480E-A483-6427D3AE43CD}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F0EBE973-97B8-452E-86E1-A3020C254A6E}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | "{F512DCCF-12C9-48B9-A081-A14F39CB893E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\metro 2033\metro2033.exe | "{F557D20D-0C59-4DD4-BF02-CE16B1DCD732}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FABF190E-299E-4864-BB54-284A574A7931}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | "{FB9513AF-B308-4EDA-BE58-42AB2E57EF96}" = protocol=17 | dir=in | app=f:\steam\steamapps\tobiasxxxl\counter-strike\hl.exe | "TCP Query User{09B50C7D-AB5F-4884-ACA2-ACB2DCAAE148}G:\download\eclipse\eclipse.exe" = protocol=6 | dir=in | app=g:\download\eclipse\eclipse.exe | "TCP Query User{0CA8BBD1-C777-4D9E-A7BD-0D430FBDFE23}F:\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=f:\max payne 3\maxpayne3.exe | "TCP Query User{0ECDDA52-6CFA-45AF-9B39-3FA00B25AF4B}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe | "TCP Query User{14719586-FC78-44F3-9956-97D9DCC3D459}C:\program files (x86)\java\jdk1.6.0_31\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_31\jre\bin\java.exe | "TCP Query User{247B7451-A8DB-4B18-A1BE-73293CF15E99}F:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{3102ECCB-B389-4D9A-9E2F-AE47E59287ED}F:\alarmstufe rot\cncnet.exe" = protocol=6 | dir=in | app=f:\alarmstufe rot\cncnet.exe | "TCP Query User{34FAB3A2-AB71-4819-8EF6-3E113926E7BE}F:\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{37CDF546-016B-49C8-9712-475B0173105B}C:\users\neon\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\neon\eclipse\eclipse.exe | "TCP Query User{409E0DB2-92C6-472F-AB76-D7C4C0A23270}F:\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{4A3B14C1-DC03-4B25-9EB7-9EDDB7E7D779}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{58072949-013F-4649-81A8-B9B1DD648C7F}F:\alarmstufe rot\ra95.exe" = protocol=6 | dir=in | app=f:\alarmstufe rot\ra95.exe | "TCP Query User{5B730D71-33E6-4DE8-A172-DF22B8342BB7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{5FF62CBE-A512-4758-A181-3D94EEF09558}C:\users\neon\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\neon\appdata\local\temp\electronicarts_patcher_000.exe | "TCP Query User{68AE1FA1-1F0F-48C4-9084-12D60057D09F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{6D067030-750B-4DDC-A3EA-96BB613306C5}F:\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=f:\kingdoms of amalur reckoning\reckoning.exe | "TCP Query User{74A4C582-8C56-49FA-A945-2FD6105DCB15}F:\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=f:\need for speed the run\need for speed the run.exe | "TCP Query 
User{75242D62-08E4-49FB-B94D-08219995F48E}C:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe | "TCP Query User{7AD83630-CB41-4900-A2CC-9841E36AE8C0}D:\virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=d:\virtualbox\virtualbox.exe | "TCP Query User{83038BF5-ADD0-446E-935F-DC63E8E1FF1A}F:\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=f:\maniaplanet\maniaplanet.exe | "TCP Query User{8EC496CC-F1DA-4A51-B43A-DC2EF4674799}F:\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=f:\command & conquer 3\retailexe\1.9\cnc3game.dat | "TCP Query User{8F449908-3784-4671-BBB7-D56BF570962C}G:\download\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=g:\download\diablo-iii-setup-dede.exe | "TCP Query User{90853825-C43A-4D81-B90B-F514F0DF9EC8}F:\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=f:\call of duty black ops ii\t6sp.exe | "TCP Query User{977F0C1E-AF26-4E7C-90F2-A90987EDC7B1}F:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=f:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | "TCP Query User{A43A6A62-167F-439B-B16B-E916171F6ABB}F:\maxpayne3\maxpayne3.exe" = protocol=6 | dir=in | app=f:\maxpayne3\maxpayne3.exe | "TCP Query User{AE94C106-AECE-4884-A89E-8F64EA203F0B}F:\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{B1292C30-9C6C-4C3B-A2D5-BFC28DD01A0C}F:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=f:\shift 2 unleashed\shift2u.exe | "TCP Query User{B9973A9C-EF81-4B3D-A659-176370E69623}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{BD49C9AB-568A-4BF7-A408-2316660CDED0}C:\users\neon\appdata\local\google\chrome\application\chrome.exe" = 
protocol=6 | dir=in | app=c:\users\neon\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{C348CAA4-5965-40CD-B245-B58E2B35D97E}C:\users\neon\appdata\local\temp\temp1_netscan.zip\64-bit\netscan.exe" = protocol=6 | dir=in | app=c:\users\neon\appdata\local\temp\temp1_netscan.zip\64-bit\netscan.exe | "TCP Query User{C3C17D05-1BEC-43D1-B3F7-3494E5485D8E}F:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\backgrounddownloader.exe | "TCP Query User{E1070A5E-ED70-407A-8A20-64D93D7443FA}C:\users\neon\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\neon\appdata\local\temp\keygen.exe | "TCP Query User{E214C2D3-4B51-41BE-9CD1-94F53CF9DE08}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{EE4B8576-D7BD-49DE-ADC4-9F6B3F16062F}F:\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=f:\crysis 2\bin32\crysis2.exe | "UDP Query User{01489795-77B0-4B16-98B5-D51DC43E39EF}F:\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=f:\maniaplanet\maniaplanet.exe | "UDP Query User{093BC979-E05D-49B5-B45C-134B68AF31A0}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe | "UDP Query User{0DD7B87B-7C4C-499E-9D7F-70F8A94A09C8}C:\users\neon\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\neon\eclipse\eclipse.exe | "UDP Query User{185D02D7-7747-49FA-8A5F-6CCF752B6F18}F:\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=f:\need for speed the run\need for speed the run.exe | "UDP Query User{23DF4D77-F74A-467D-A3AF-10930E2A4707}F:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{32969EF9-68A5-4F3A-90E9-2300FD16BF6A}C:\program files (x86)\java\jdk1.6.0_31\jre\bin\java.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\java\jdk1.6.0_31\jre\bin\java.exe | "UDP Query User{3AB1F832-0F99-47A8-9CA9-26D0ED05DCE6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{3ACDA4FE-0B86-4340-A829-928B94019D5F}D:\virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=d:\virtualbox\virtualbox.exe | "UDP Query User{4BBD3102-640C-4660-B0C1-EA82C3AA5323}C:\users\neon\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\neon\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{54498979-3DDE-4D80-8D70-DF88023EEBF8}F:\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=f:\kingdoms of amalur reckoning\reckoning.exe | "UDP Query User{587B68B7-A1EA-4F93-B65A-F73FE509DD7F}F:\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=f:\command & conquer 3\retailexe\1.9\cnc3game.dat | "UDP Query User{68D22D75-9BD7-40FC-B1DD-C119F07BED6F}F:\alarmstufe rot\cncnet.exe" = protocol=17 | dir=in | app=f:\alarmstufe rot\cncnet.exe | "UDP Query User{78381322-F2E2-47DE-AD30-D5CF808BFF1D}C:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe | "UDP Query User{84169190-73E8-4AF4-8331-712045F2E089}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{84D69C8B-1F84-4AFA-A9DA-B8EFD4492B39}C:\users\neon\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\neon\appdata\local\temp\electronicarts_patcher_000.exe | "UDP Query User{8D71A127-35CA-4E85-A332-AE1FA9AA67B8}F:\maxpayne3\maxpayne3.exe" = protocol=17 | dir=in | app=f:\maxpayne3\maxpayne3.exe | "UDP Query User{976AED2D-C3C1-4D6A-BDFE-24B195C33AB9}F:\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=f:\call of duty black ops ii\t6sp.exe | 
"UDP Query User{992A7CE3-A1E6-4F41-841A-F75BDAFD4F0B}F:\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=f:\crysis 2\bin32\crysis2.exe | "UDP Query User{99BB3FCE-15D2-4CCD-8747-3C189936D3C4}F:\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{9BD7B238-718D-4590-BCD4-FA42B20135CB}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{9D8B971D-74EA-4192-A15D-4F782B9DE772}F:\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{A6285A73-BBA7-4EFF-907C-94CD0925139E}F:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=f:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | "UDP Query User{AACF0E9A-FF84-453D-BDC4-2BCFEB1E4FEC}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{AE1AB3C0-EC7C-4E31-A49F-C465F40E36B1}C:\users\neon\appdata\local\temp\temp1_netscan.zip\64-bit\netscan.exe" = protocol=17 | dir=in | app=c:\users\neon\appdata\local\temp\temp1_netscan.zip\64-bit\netscan.exe | "UDP Query User{B16858A9-27BD-49AA-9398-4F950C105C88}F:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\backgrounddownloader.exe | "UDP Query User{B935E778-2EBD-4317-B45F-D57D73B706A6}G:\download\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=g:\download\diablo-iii-setup-dede.exe | "UDP Query User{B9EF4F2C-24A8-4504-A734-F8252FFAB193}F:\alarmstufe rot\ra95.exe" = protocol=17 | dir=in | app=f:\alarmstufe rot\ra95.exe | "UDP Query User{BA0AB49D-8455-4C7F-A918-14451E212743}F:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=f:\shift 2 
unleashed\shift2u.exe | "UDP Query User{C6C13450-5D39-4F74-BE10-83A832036000}F:\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{CAFB7A85-A114-47AF-9EF0-A22D54DD32CE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{D4D0992B-7695-4445-A673-4CC4F0024B12}G:\download\eclipse\eclipse.exe" = protocol=17 | dir=in | app=g:\download\eclipse\eclipse.exe | "UDP Query User{E85CA296-C67E-43A2-A4BC-67D4CC2D2F90}F:\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=f:\max payne 3\maxpayne3.exe | "UDP Query User{ECC26DFA-B39E-4E8C-A200-41E7E0218EE8}C:\users\neon\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\neon\appdata\local\temp\keygen.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4a "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit) "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit) "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding "{FD9C13F5-1BF8-4C63-89D2-FE955C9DABD8}" = Motorola Mobile Drivers Installation 5.6.0 "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) "Apache Tomcat 6.0 Tomcat6" = Apache Tomcat 6.0 Tomcat6 (remove only) "ASRock App 
Charger_is1" = ASRock App Charger v1.0.4 "C-Media Oxygen HD Audio Driver" = ASUS Xonar DX Audio Driver "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "nbi-nb-base-7.1.1.0.0" = NetBeans IDE 7.1.1 "Recuva" = Recuva "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0429B343-D023-4524-89BC-0478E0D9E3C3}" = Sound Blaster World of Warcraft Headset "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0F00C986-561C-4536-B62B-0EDE3475312A}" = WinFACT 8 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1A2DDF67-3FA4-451C-8BF1-21CA4E546AEF}" = Motorola Device Software Update "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2 "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager 
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5ED80B30-4DAE-4D73-9D62-AD89F661AF46}" = RSDLite "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D9D5A07A-F299-4741-BFE6-302324CC0BD7}" = calibre "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™ "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB 
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Alarmstufe Rot_is1" = Alarmstufe Rot 3.03p2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ArgoUML" = ArgoUML 0.34 "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.78 "Battlelog Web Plugins" = Battlelog Web Plugins "Call of Duty Modern Warfare 3 (c) Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1 "Call of Duty: Black Ops II_is1" = Call of Duty: Black Ops II "DAEMON Tools Lite" = DAEMON Tools Lite "Downloader" = Downloader "EditiX-Free XML Editor free-2008-sp2" = EditiX-Free XML Editor free-2008-sp2 "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps "GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight "Hdd Speed Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1) "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning "LogMeIn Hamachi" = LogMeIn Hamachi "MagniDriver" = marvell 91xx driver "ManiaPlanet_is1" = ManiaPlanet "Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de) "MPE" = MyPhoneExplorer "MySSID_is1" = EXPERTool 7.21 "nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1 "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "OpenAL" = OpenAL "Origin" = Origin "pgJDBC 9.0-801-1" = pgJDBC 9.0-801 "Plants vs. Zombies" = Plants vs. Zombies "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "Sapphire TRIXX" = Sapphire TRIXX "Steam App 10" = Counter-Strike "Steam App 102600" = Orcs Must Die! 
"Steam App 13560" = Tom Clancy's Splinter Cell "Steam App 17470" = Dead Space "Steam App 18500" = Defense Grid: The Awakening "Steam App 201790" = Orcs Must Die! 2 "Steam App 205790" = Dota 2 Test "Steam App 21100" = F.E.A.R. 3 "Steam App 218" = Source SDK Base 2007 "Steam App 240" = Counter-Strike: Source "Steam App 33220" = Tom Clancy's Splinter Cell: Conviction "Steam App 43110" = Metro 2033 "Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl "Steam App 550" = Left 4 Dead 2 "Steam App 570" = Dota 2 "Steam App 65560" = Painkiller: Redemption "Steam App 730" = Counter-Strike: Global Offensive Beta "SysInfo" = Creative Systeminformationen "TeamViewer 7" = TeamViewer 7 "Tunngle beta_is1" = Tunngle beta "VLC media player" = VLC media player 1.1.11 "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR "Wireshark" = Wireshark 1.8.1 (64-bit) "World of Warcraft" = World of Warcraft "XFastUsb" = XFastUsb "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1648228069-3097862834-1251921153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1648228069-3097862834-1251921153-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.08.2012 13:17:39 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4009 Error - 25.08.2012 13:17:40 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.08.2012 13:17:40 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5007 Error - 25.08.2012 13:17:40 | 
Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5007 Error - 25.08.2012 13:17:41 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.08.2012 13:17:41 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6006 Error - 25.08.2012 13:17:41 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6006 Error - 25.08.2012 13:17:42 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.08.2012 13:17:42 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7004 Error - 25.08.2012 13:17:42 | Computer Name = neon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7004 [ System Events ] Error - 30.11.2012 11:22:07 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Palm Novacom" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.11.2012 14:17:33 | Computer Name = neon-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 01.12.2012 07:03:08 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Palm Novacom" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.12.2012 07:05:14 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.12.2012 07:05:20 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.12.2012 07:05:20 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Intel(R) Management and Security Application User Notification Service" ist vom Dienst "Intel(R) Management and Security Application Local Management Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 01.12.2012 07:31:07 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Palm Novacom" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.12.2012 07:33:12 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.12.2012 07:33:16 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.12.2012 07:33:16 | Computer Name = neon-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Intel(R) Management and Security Application User Notification Service" ist vom Dienst "Intel(R) Management and Security 
Application Local Management Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 < End of report > [/Code] |
03.12.2012, 10:44 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) Edit: Quote:
__________________ Please always post log files in CODE tags. Last edited by cosinus (03.12.2012 at 16:34) |
03.12.2012, 21:35 | #14 |
| Web.de (Mail delivery failed) Apart from the fact that I wouldn't know what I would have wanted to use a keygen for, and that the file exists neither in that folder nor in my download folder: no idea, I don't know it, but it doesn't exactly sound trustworthy |
04.12.2012, 12:10 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web.de (Mail delivery failed) Code:
app=f:\lfs\keygenz28.exe | See also => http://www.trojaner-board.de/95393-c...-software.html If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are dangerous malware 99.9% of the time and are not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! It is no secret that illegal cracks and keygens essentially serve to distribute malware, and everyone must be aware of that! In future, hands off: Softonic, registry cleaners and illegal stuff Cracks/Keygens/Serials
__________________ Please always post log files in CODE tags |