Pests of all kinds and how to fight them: Multiple problems installing programs (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
29.01.2013, 22:39 | #1 |
| Multiple problems installing programs

Hello everyone,

for quite some time I have had a few problems, and I am not sure whether they are a virus problem or a settings problem.

From the beginning: I tried to install various programs and then license them, i.e. register them. Among them are CAD programs (Microstation V8i from Bentley), Google Earth and also the Everest Poker software. With all of these programs a download or an online registration normally takes place; all of them abort with messages such as "Ausgelastete Server" ("servers busy"), "Kein Lizenzserver gefunden" ("no license server found") or similar messages. With Microstation in particular this is annoying, because as a student I could use it for free and I also need it.

Until recently, updating Avira free Antivir was not possible either, but after I changed the "Benutze den System-Proxy" ("use the system proxy") setting in its settings, it works again. The last virus that Avira reported was e621ca05.exe on a USB stick, which I have since formatted. The last complete system check with Avira found nothing.

I have attached the OTL text output in the code boxes. I would now like to know whether my laptop is infected or not, also because I want to write my diploma thesis on it starting next week.

Many thanks in advance and best regards,
Frank

OTL logfile: Code:
ATTFilter OTL logfile created on: 29.01.2013 21:57:22 - Run 8 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 56,00% Memory free 7,49 Gb Paging File | 5,42 Gb Available in Paging File | 72,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 87,39 Gb Free Space | 29,33% Space Free | Partition Type: NTFS Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe (Binary Fortress Software) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files (x86)\MirandaFusion\miranda32.exe (modified by Miranda Fusion Team) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team) ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Temp\nsq5F60.tmp\System.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () MOD - C:\Program Files (x86)\MirandaFusion\zlib.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\icq.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\aim.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\irc.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\facebook.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\folders.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\twitter.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\variables.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\startupstatus.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\mirotr.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\keepstatus.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\uinfoexw.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\fingerprint.dll () MOD - C:\Program Files 
(x86)\MirandaFusion\Plugins\menuex.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\metacontacts.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\watrack.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\sendss.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\extraicons.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\useactions.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\actman.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\authstate.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\svc_dbepp.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - 
HKU\S-1-5-21-710000570-3305258888-3753924887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 00 F5 A0 06 7D CB 01 [binary data] IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\..\SearchScopes\{4AE10090-1637-4882-BC5D-A673E16CBADB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=21FCD855-E83F-4177-97D5-BCD375EA5A32&apn_sauid=D8467047-3148-4339-91EF-0B60040D8B1C IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\..\SearchScopes\{6622AA2D-9D66-42DC-9B78-BB0E1355C10E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-710000570-3305258888-3753924887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61657 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:4.9.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 61657 FF - prefs.js..network.proxy.type: 4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 10:47:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 10:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 10:47:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 10:47:49 | 000,000,000 | ---D | M] [2010.11.05 17:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.10.23 11:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4n3ahrkf.default\extensions [2011.03.07 19:31:17 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4n3ahrkf.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593} [2012.02.14 12:33:10 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4n3ahrkf.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.01.04 19:17:04 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4n3ahrkf.default\searchplugins\askcom.xml [2013.01.20 10:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.20 10:47:53 | 000,262,552 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.14 12:32:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 08:06:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.14 12:32:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 12:32:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 12:32:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 12:32:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-710000570-3305258888-3753924887-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software) O4 - HKU\S-1-5-21-710000570-3305258888-3753924887-1000..\Run: [Miranda Fusion] C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidlinkexplorer.htm () O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidlinkqueue.htm () O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebid.htm () O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidlink.htm () O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidqueue.htm () O8:64bit: - Extra context menu item: Nach Microsoft 
E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidlinkexplorer.htm () O8 - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidlinkqueue.htm () O8 - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebid.htm () O8 - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidlink.htm () O8 - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader_2\iemenu\iebidqueue.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38D3CDFD-A47F-4494-AF33-423D50D8530F}: DhcpNameServer = 192.168.44.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662C09AA-4193-4822-B146-A2211745869F}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.11.16 17:52:55 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 16:36:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.20 13:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.01.20 12:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.20 12:59:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2013.01.20 10:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.16 21:20:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.01.16 21:20:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.01.16 21:20:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.01.16 21:20:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.01.16 21:20:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.01.16 21:20:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.01.16 21:20:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll 
[2013.01.16 21:20:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.01.16 21:20:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.01.16 21:20:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.01.16 21:20:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.01.16 21:20:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.01.16 21:20:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.01.16 21:20:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.01.16 21:20:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.01.15 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bentley Shared [2013.01.15 21:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bentley [2013.01.15 21:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bentley [2013.01.15 21:46:44 | 000,000,000 | ---D | C] -- C:\Bentley [2013.01.15 20:51:57 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.01.15 20:51:57 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013.01.15 20:51:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.01.15 20:51:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.01.15 20:51:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.01.15 20:51:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.01.15 20:51:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.01.15 20:51:57 | 000,048,640 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.01.15 20:51:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.01.15 20:51:56 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.01.15 20:51:56 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.01.15 20:51:56 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.01.15 20:51:56 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013.01.15 20:51:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013.01.15 20:51:56 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.01.15 20:51:56 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.01.15 20:51:56 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.01.15 20:51:56 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013.01.15 20:51:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.01.15 20:51:56 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.01.15 20:51:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013.01.15 20:51:56 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.01.15 20:51:56 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.01.15 20:51:56 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.01.15 20:51:56 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.01.15 20:51:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.01.15 
20:51:55 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.01.15 20:51:55 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.01.15 20:51:54 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013.01.15 20:51:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.01.15 20:51:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013.01.15 20:51:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.01.15 20:51:54 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.01.15 20:51:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.01.15 20:51:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013.01.15 20:51:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.01.15 20:51:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.01.15 20:51:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.01.15 20:51:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.01.15 20:51:53 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.01.15 20:51:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.01.15 20:51:53 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.01.15 20:51:53 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.01.15 20:51:53 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.01.15 20:51:53 | 000,165,888 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\iexpress.exe [2013.01.15 20:51:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.01.15 20:51:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013.01.15 20:51:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.01.15 20:51:53 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.01.15 20:51:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.01.15 20:51:53 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.01.15 20:51:53 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.01.15 20:51:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.01.15 20:51:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.01.15 20:51:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.01.15 20:51:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.01.15 20:51:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.01.14 17:48:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.01.14 17:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.14 17:41:54 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.14 17:41:54 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.14 17:41:54 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.14 17:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.10 13:48:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Diplomarbeit [2013.01.08 20:27:11 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.08 20:27:11 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.08 20:26:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.08 20:26:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.08 20:26:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.08 20:26:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.08 20:26:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.08 20:26:39 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.08 20:26:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.08 20:26:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.08 20:26:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.08 20:26:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.08 20:26:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.08 20:26:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.08 20:26:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.08 20:26:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.08 20:26:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.08 20:26:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.08 20:26:39 | 
000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.08 20:26:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.08 20:26:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.08 20:26:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.08 20:26:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.08 20:26:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.08 20:26:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.08 20:26:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.08 20:26:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.08 20:26:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.08 20:26:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.08 20:26:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.08 20:26:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.08 20:26:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.08 20:26:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.08 20:26:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.08 20:26:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.08 20:26:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.08 20:25:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.08 20:25:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.08 20:25:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.08 20:25:49 | 000,338,432 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.08 20:25:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.08 20:25:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.08 20:25:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.08 20:25:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.08 20:25:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.08 20:25:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.08 20:25:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.08 20:25:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.08 20:25:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.08 20:25:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.08 20:25:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.08 20:25:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.08 20:25:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.08 20:25:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.08 20:25:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.08 20:25:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.08 20:25:48 | 
000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.08 20:25:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.08 20:25:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.08 20:25:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.08 20:25:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.08 20:25:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.08 20:25:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.08 20:25:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,584 | 
-H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.08 20:25:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.08 20:25:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.08 20:25:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.08 20:25:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.08 20:25:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.08 20:25:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.08 20:25:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.08 20:25:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.08 20:25:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.08 20:25:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.08 20:25:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.08 20:25:44 | 000,003,072 | 
-H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.08 20:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.08 20:25:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.08 20:25:27 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.07 19:39:57 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\Common [2013.01.07 19:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DisplayFusion [2013.01.07 19:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion [2013.01.07 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion [2013.01.07 19:29:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DisplayFusion Backups [2013.01.07 19:29:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.01.02 16:51:54 | 000,959,976 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.02 16:51:53 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.29 21:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.29 17:53:37 | 008,546,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.29 17:53:37 | 000,736,184 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013.01.29 17:53:37 | 000,736,028 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2013.01.29 17:53:37 | 000,733,898 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013.01.29 17:53:37 | 000,730,720 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013.01.29 17:53:37 | 000,715,252 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2013.01.29 17:53:37 | 
000,698,800 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.29 17:53:37 | 000,654,468 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2013.01.29 17:53:37 | 000,653,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.29 17:53:37 | 000,500,026 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2013.01.29 17:53:37 | 000,485,302 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2013.01.29 17:53:37 | 000,472,166 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2013.01.29 17:53:37 | 000,158,138 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2013.01.29 17:53:37 | 000,152,730 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013.01.29 17:53:37 | 000,150,294 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2013.01.29 17:53:37 | 000,149,106 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013.01.29 17:53:37 | 000,149,104 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.29 17:53:37 | 000,146,602 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013.01.29 17:53:37 | 000,142,288 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2013.01.29 17:53:37 | 000,122,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.29 17:53:37 | 000,100,946 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2013.01.29 17:53:37 | 000,098,286 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2013.01.29 17:53:37 | 000,095,096 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2013.01.29 17:52:26 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.29 17:52:26 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.29 17:48:32 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.29 17:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.29 17:47:13 | 3017,433,088 | -HS- | M] () -- 
C:\hiberfil.sys [2013.01.28 22:34:00 | 000,062,816 | ---- | M] () -- C:\Users\***\Desktop\Imma_WS12_13.pdf [2013.01.28 14:13:10 | 000,497,405 | ---- | M] () -- C:\Users\***\Desktop\HAndbuch_Eisenbahninfrastruktur.pdf [2013.01.20 16:36:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.20 13:01:10 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.01.17 13:47:26 | 000,068,708 | ---- | M] () -- C:\Users\***\Desktop\Error.jpg [2013.01.16 21:12:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Fahren Sie fort mit EverestPoker.com-setup.lnk [2013.01.16 20:59:06 | 000,422,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.15 21:51:56 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\MicroStation V8i (SELECTseries 2) .lnk [2013.01.15 20:51:57 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.01.15 20:51:57 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013.01.15 20:51:57 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.01.15 20:51:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.01.15 20:51:57 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.01.15 20:51:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.01.15 20:51:57 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.01.15 20:51:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.01.15 20:51:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.01.15 20:51:56 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.01.15 20:51:56 | 000,434,176 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ieapfltr.dll [2013.01.15 20:51:56 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.01.15 20:51:56 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013.01.15 20:51:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013.01.15 20:51:56 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.01.15 20:51:56 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.01.15 20:51:56 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.01.15 20:51:56 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013.01.15 20:51:56 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.01.15 20:51:56 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.01.15 20:51:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013.01.15 20:51:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.01.15 20:51:56 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.01.15 20:51:56 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.01.15 20:51:56 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.01.15 20:51:56 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.01.15 20:51:56 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.01.15 20:51:55 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.01.15 20:51:55 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.01.15 20:51:54 | 000,267,776 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieaksie.dll [2013.01.15 20:51:54 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.01.15 20:51:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013.01.15 20:51:54 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.01.15 20:51:54 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.01.15 20:51:54 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.01.15 20:51:54 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013.01.15 20:51:54 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.01.15 20:51:54 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.01.15 20:51:54 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.01.15 20:51:54 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.01.15 20:51:53 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.01.15 20:51:53 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.01.15 20:51:53 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.01.15 20:51:53 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.01.15 20:51:53 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.01.15 20:51:53 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.01.15 20:51:53 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.01.15 20:51:53 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013.01.15 20:51:53 | 000,111,616 
| ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.01.15 20:51:53 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.01.15 20:51:53 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.01.15 20:51:53 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.01.15 20:51:53 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.01.15 20:51:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.01.15 20:51:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.01.15 20:51:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.15 20:51:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.01.15 20:51:53 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.01.15 20:51:53 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.01.14 17:42:22 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.08 20:58:53 | 008,390,330 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.07 19:29:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk [2013.01.02 16:51:19 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.02 16:51:19 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.28 22:34:00 | 000,062,816 | ---- | C] () -- C:\Users\***\Desktop\Imma_WS12_13.pdf [2013.01.28 14:13:10 | 000,497,405 | ---- | C] () -- C:\Users\***\Desktop\HAndbuch_Eisenbahninfrastruktur.pdf [2013.01.20 13:01:10 | 
000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.01.20 13:00:02 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.20 13:00:01 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.17 13:47:26 | 000,068,708 | ---- | C] () -- C:\Users\***\Desktop\Error.jpg [2013.01.16 21:12:43 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Fahren Sie fort mit EverestPoker.com-setup.lnk [2013.01.15 21:51:56 | 000,001,533 | ---- | C] () -- C:\Users\Public\Desktop\MicroStation V8i (SELECTseries 2) .lnk [2013.01.15 21:02:56 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.01.15 21:02:53 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.15 20:51:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.01.15 20:51:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.14 17:42:22 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.07 19:29:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk [2011.11.16 18:29:03 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.16 18:15:51 | 008,390,330 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.15 00:15:36 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2011.10.15 13:22:30 | 000,007,574 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.07.04 13:16:28 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.18 22:06:45 | 000,000,081 | ---- | C] () -- C:\Users\***\CTX.DAT ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2011.04.21 08:04:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansoft
[2012.02.01 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2012.02.01 20:29:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bentley
[2011.09.26 15:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BID
[2013.01.07 19:39:57 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\Common
[2012.02.09 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.01.07 20:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisplayFusion
[2013.01.14 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.11.16 19:29:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2013.01.14 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.25 16:23:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda Fusion
[2011.10.14 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.09.23 16:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView

========== Purity Check ==========

< End of report >

Extra: OTL Logfile: Code:
OTL Extras logfile created on: 29.01.2013 21:57:22 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 56,00% Memory free
7,49 Gb Paging File | 5,42 Gb Available in Paging File | 72,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 87,39 Gb Free Space | 29,33% Space Free | Partition Type: NTFS

Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-710000570-3305258888-3753924887-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{30AF2DC8-77A9-49DA-8C68-F55CDC73086F}" = rport=445 | protocol=6 | dir=out | app=system | "{32D11FF1-EDA2-4A2A-AABB-44A731BF50CB}" = lport=139 | protocol=6 | dir=in | app=system | "{45AA7F51-175B-4A86-8A0B-BAB49E4E825D}" = rport=139 | protocol=6 | dir=out | app=system | "{4BE8EB99-2C34-4E7B-B1CE-FD6133EFCB71}" = lport=138 | protocol=17 | dir=in | app=system | "{58D205D7-4399-4600-AD96-8143D725136F}" = lport=137 | protocol=17 | dir=in | app=system | "{6A65966E-7870-478B-A76B-CA9CF89547BD}" = rport=138 | protocol=17 | dir=out | app=system | "{6B665CA1-99AD-4686-8100-05F212360851}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{82C25C6A-F676-4803-B30B-69B0F33B6C0E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9095D950-BAF4-4DC0-A69F-CD69EFADF3F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9791DCD9-55CE-4BFA-BB2E-FFD602568226}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{98035563-F367-4EC6-8ABD-43E46663483E}" = rport=137 | protocol=17 | dir=out | app=system | "{A707F928-CE5B-4258-9E82-E6FE7AAD4317}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1103DB9E-D0A0-4B80-A014-C17D2C929223}" = protocol=17 | dir=in | app=c:\program files (x86)\bentley\microstation v8i (selectseries)\microstation\ustation.exe | "{36110311-6962-491F-B409-70ABBEA9E720}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3E20FCC1-C085-4B5F-AF9E-5B03DFFAD5AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5E4471E1-1908-4314-B516-675BB108E8D3}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\update.exe | "{5E51AAAE-0585-4DDC-9356-EF762AA83886}" = protocol=6 | dir=in | app=c:\program files 
(x86)\avira\antivir desktop\update.exe | "{84944EA3-C50F-47A7-9C89-7BCC3EBDC393}" = protocol=6 | dir=in | app=c:\program files (x86)\bentley\microstation v8i (selectseries)\microstation\ustation.exe | "{9B3385E5-3FE3-4D7A-A827-64D27771780A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E5D9586C-70A1-42FC-9D68-215D34B342A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F0144EAD-523C-4991-9353-AD4149B1CC05}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "{FC4566FD-7DAB-4505-B3E5-37680D5D57A4}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{61041E2B-E9B9-4DFB-88A6-137E86AC22E8}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "TCP Query User{80D78DA9-58FB-4CFD-A4DB-956649A3A884}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "UDP Query User{42766627-BAE0-44EB-8B1C-1E2282960A68}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "UDP Query User{8B13F8B2-487D-4FAF-9EB1-AACE69E2F7B3}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{2E873893-A883-4C06-8308-7B491D58F3D6}" = Bentley DGN IFilter "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.6161 "{74A8C1AF-75E5-4653-95AF-222725B7D877}" = Bentley DGN Thumbnail Provider "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{433B30F1-3B10-4DDD-8975-C891C56BF992}" = PENTAX Digital Camera Utility 4 "{477F115E-D48E-4D9D-B839-2AF37CA2987B}" = Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{57F5CC1D-2E00-4008-8CEC-EFE61B2E58AE}" = Visual Basic for Applications (R) Core - German 
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E9B0F70-EEF6-41E1-BF89-FDC4B9EDBD9C}" = MicroStation V8i (SELECTseries 2) 08.11.07.443 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) 
Core - English "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F51BA406-C885-4163-A3E4-056F951DE2FE}" = SIMPLORER 7.0 Student Version "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 4.3 "Bulk Image Downloader_is1" = Bulk Image Downloader v4.25.0.0 BETA "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "ElsterFormular 12.4.0.7094p" = ElsterFormular "MirandaFusion" = Miranda Fusion 3.1.10 "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.10.2012 12:10:03 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.1.4666 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b28 Startzeit: 01cdaaebad1f74e6 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: c0782178-16e2-11e2-b4d8-002713c8d369 Error - 15.10.2012 12:59:05 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: BID.exe, Version: 4.25.0.0, Zeitstempel: 0x4e72bf56 Name des fehlerhaften Moduls: BID.exe, Version: 4.25.0.0, Zeitstempel: 0x4e72bf56 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e309 ID des fehlerhaften Prozesses: 0x9d8 Startzeit der fehlerhaften Anwendung: 0x01cdaaebd36ec6f5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bulk Image Downloader_2\BID.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bulk Image Downloader_2\BID.exe Berichtskennung: a0420d1e-16e9-11e2-b4d8-002713c8d369 Error - 06.11.2012 17:49:17 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dfc Startzeit: 01cdbc3b33006b9a Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: bd614f0d-285b-11e2-9781-002713c8d369 Error - 14.11.2012 15:32:51 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 910 Startzeit: 01cdc29a430ce99b Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 0d59bc2c-2e92-11e2-b2c5-002713c8d369 Error - 21.12.2012 12:49:43 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 01.01.2013 07:54:13 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ef4 Startzeit: 01cde8073c193b82 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: e40e5bb5-5409-11e2-90ff-002713c8d369 Error - 02.01.2013 10:17:18 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_jdownloader.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 14.01.2013 12:24:26 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_jdownloader.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 14.01.2013 12:24:34 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 20.01.2013 08:04:12 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DUI70.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdf25 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001b5b ID des fehlerhaften Prozesses: 0x290 Startzeit der fehlerhaften Anwendung: 0x01cdf6f197b3af26 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\DUI70.dll Berichtskennung: 805c8c5a-62f9-11e2-ae75-002713c8d369 [ Cisco AnyConnect Secure Mobility Client Events ] Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CWinsecApiImpersonateUser::searchProcessesForUserToken File: .\IPC\WinsecAPI.cpp Line: 1391 Invoked Function: Process32Next Return Code: 18 (0x00000012) Description: Es sind keine weiteren Dateien vorhanden. 
Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108865 Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp Line: 101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File: .\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp Line: 92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.01.2013 12:47:29 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1101 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return 
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.01.2013 12:48:28 | Computer Name = ***-Notebook | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 29.01.2013 12:48:48 | Computer Name = ***-Notebook | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 29.01.2013 12:48:49 | Computer Name = ***-Notebook | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1127 NULL object. Cannot establish a connection at this time. [ Media Center Events ] Error - 22.02.2011 01:00:35 | Computer Name = ***-Notebook | Source = MCUpdate | ID = 0 Description = 06:00:34 - Fehler beim Herstellen der Internetverbindung. 06:00:34 - Serververbindung konnte nicht hergestellt werden.. Error - 22.02.2011 01:01:13 | Computer Name = ***-Notebook | Source = MCUpdate | ID = 0 Description = 06:01:04 - Fehler beim Herstellen der Internetverbindung. 06:01:04 - Serververbindung konnte nicht hergestellt werden.. Error - 18.11.2012 14:21:41 | Computer Name = ***-Notebook | Source = MCUpdate | ID = 0 Description = 19:21:41 - Fehler beim Herstellen der Internetverbindung. 19:21:41 - Serververbindung konnte nicht hergestellt werden.. Error - 18.11.2012 14:22:31 | Computer Name = ***-Notebook | Source = MCUpdate | ID = 0 Description = 19:21:46 - Fehler beim Herstellen der Internetverbindung. 19:21:46 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 29.01.2013 12:47:19 | Computer Name = ***-Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.01.2013 12:47:19 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 29.01.2013 12:47:19 | Computer Name = ***-Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. 
Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 29.01.2013 12:47:44 | Computer Name = ***-Notebook | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. < End of report >
Edited by frankstar (29.01.2013 at 22:47) |
30.01.2013, 12:24 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems installing programs Quote:
__________________ |
30.01.2013, 12:34 | #3 |
| Multiple problems installing programs Hello,
__________________ it is my private laptop; as a student you can download and use the program free of charge if the university is accredited with Bentley. However, I can connect, and have been connected, to the university network via a VPN connection. |
30.01.2013, 12:42 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems installing programs OK, thanks for the explanation Quote:
That is why I am asking for the logs => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
30.01.2013, 14:16 | #5 |
| Multiple problems installing programs Unfortunately there is no log from Avira left |
30.01.2013, 15:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems installing programs What about other scanners? Have there ever been any detections there? If so, logs?
__________________ --> Multiple problems installing programs |
30.01.2013, 15:17 | #7 |
| Multiple problems installing programs The detection was made with Avira, but that was a while ago (about 6 weeks). As another scanner I once had Malwarebytes installed, but I removed it again. So unfortunately there are no logs left... Thanks in advance for the quick replies! |
30.01.2013, 15:50 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems when installing programs Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When do we continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
30.01.2013, 16:26 | #9 |
| Multiple problems when installing programs OK, I will get back to you when it has been carried out. So the scan has now been run and produced the message: No Malware Found! Here is the log file: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.01.30.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-NOTEBOOK [administrator] 30.01.2013 17:00:56 mbar-log-2013-01-30 (17-00-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30853 Time elapsed: 29 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
31.01.2013, 11:07 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems when installing programs Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down). GMER crashes fairly often; if the tool still will not run on the second attempt, just leave it out and run only aswMBR. aswMBR download => aswMBR.exe - save the file to your desktop.
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
31.01.2013, 15:04 | #11 |
| Multiple problems when installing programs So, both scans have now completed, here are the logs: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-01-31 14:52:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\kwddraow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075291401 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075291419 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075291431 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007529144a 2 bytes [29, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752914dd 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752914f5 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007529150d 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075291525 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007529153d 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075291555 2 bytes [29, 75] .text C:\Program 
Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007529156d 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075291585 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007529159d 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752915b5 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752915cd 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752916b2 2 bytes [29, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752916bd 2 bytes [29, 75] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{597C0144-56E3-46F7-9A93-A6C165E92991}\Connection@Name isatap.{4D70B4F9-917F-4B09-87F1-1F33A7810A2C} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{597C0144-56E3-46F7-9A93-A6C165E92991}?\Device\{1194A0B2-4E8F-4ECB-B956-34A29E283B6C}?\Device\{28C22BD9-0B86-4C50-B558-E0072003984B}?\Device\{BCB6AC1C-4722-40C2-91CE-9EFA1D29E0A0}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{597C0144-56E3-46F7-9A93-A6C165E92991}"?"{1194A0B2-4E8F-4ECB-B956-34A29E283B6C}"?"{28C22BD9-0B86-4C50-B558-E0072003984B}"?"{BCB6AC1C-4722-40C2-91CE-9EFA1D29E0A0}"? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{597C0144-56E3-46F7-9A93-A6C165E92991}?\Device\TCPIP6TUNNEL_{1194A0B2-4E8F-4ECB-B956-34A29E283B6C}?\Device\TCPIP6TUNNEL_{28C22BD9-0B86-4C50-B558-E0072003984B}?\Device\TCPIP6TUNNEL_{BCB6AC1C-4722-40C2-91CE-9EFA1D29E0A0}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8d369 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8d369@0c6076bfe72a 0x6D 0x16 0x18 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8d369@00265dd3e72c 0xB1 0x08 0x9E 0x94 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8d369@0012ee6270b1 0x0B 0x80 0xA2 0xD8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8d369@2c44013bf8ee 0xC8 0x97 0xB4 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8d369@505663a1a595 0xDD 0xC5 0x79 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{597C0144-56E3-46F7-9A93-A6C165E92991}@InterfaceName isatap.{4D70B4F9-917F-4B09-87F1-1F33A7810A2C} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{597C0144-56E3-46F7-9A93-A6C165E92991}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8d369 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8d369@0c6076bfe72a 0x6D 0x16 0x18 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8d369@00265dd3e72c 0xB1 0x08 0x9E 0x94 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8d369@0012ee6270b1 0x0B 0x80 0xA2 0xD8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8d369@2c44013bf8ee 0xC8 0x97 0xB4 0xE5 ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8d369@505663a1a595 0xDD 0xC5 0x79 0xDF ... ---- EOF - GMER 2.0 ---- Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-31 15:00:07 ----------------------------- 15:00:07.705 OS Version: Windows x64 6.1.7601 Service Pack 1 15:00:07.705 Number of processors: 2 586 0x301 15:00:07.721 ComputerName: ***-NOTEBOOK UserName: *** 15:00:09.359 Initialize success 15:00:37.719 AVAST engine download error: 0 15:00:48.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 15:00:48.998 Disk 0 Vendor: ST9320423AS 0006HPM1 Size: 305245MB BusType: 3 15:00:49.045 Disk 0 MBR read successfully 15:00:49.045 Disk 0 MBR scan 15:00:49.060 Disk 0 Windows 7 default MBR code 15:00:49.076 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 15:00:49.092 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848 15:00:49.107 Disk 0 scanning C:\Windows\system32\drivers 15:01:06.969 Service scanning 15:01:28.076 Modules scanning 15:01:28.092 Disk 0 trace - called modules: 15:01:28.107 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 15:01:28.107 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ca2760] 15:01:28.123 3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> [0xfffffa8003c58e40] 15:01:28.123 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004746060] 15:01:28.139 Scan finished successfully 15:01:46.001 Disk 0 MBR has been saved successfully to "C:\Users\***\Downloads\MBR.dat" 15:01:46.016 The log file has been saved successfully to "C:\Users\***\Downloads\aswMBR.txt" |
31.01.2013, 15:07 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems when installing programs Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
31.01.2013, 15:19 | #13 |
| Multiple problems when installing programs OK, this scan went quickly too, here is the log file: Code:
ATTFilter 15:16:07.0075 4800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:16:07.0090 4800 ============================================================ 15:16:07.0090 4800 Current date / time: 2013/01/31 15:16:07.0090 15:16:07.0090 4800 SystemInfo: 15:16:07.0090 4800 15:16:07.0090 4800 OS Version: 6.1.7601 ServicePack: 1.0 15:16:07.0090 4800 Product type: Workstation 15:16:07.0090 4800 ComputerName: ***-NOTEBOOK 15:16:07.0106 4800 UserName: *** 15:16:07.0106 4800 Windows directory: C:\Windows 15:16:07.0106 4800 System windows directory: C:\Windows 15:16:07.0106 4800 Running under WOW64 15:16:07.0106 4800 Processor architecture: Intel x64 15:16:07.0106 4800 Number of processors: 2 15:16:07.0106 4800 Page size: 0x1000 15:16:07.0106 4800 Boot type: Normal boot 15:16:07.0106 4800 ============================================================ 15:16:08.0307 4800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:16:08.0323 4800 ============================================================ 15:16:08.0323 4800 \Device\Harddisk0\DR0: 15:16:08.0323 4800 MBR partitions: 15:16:08.0323 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:16:08.0323 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800 15:16:08.0323 4800 ============================================================ 15:16:08.0338 4800 C: <-> \Device\Harddisk0\DR0\Partition2 15:16:08.0338 4800 ============================================================ 15:16:08.0338 4800 Initialize success 15:16:08.0338 4800 ============================================================ 15:16:14.0329 4288 ============================================================ 15:16:14.0329 4288 Scan started 15:16:14.0329 4288 Mode: Manual; SigCheck; TDLFS; 15:16:14.0329 4288 
============================================================ 15:16:15.0265 4288 ================ Scan system memory ======================== 15:16:15.0265 4288 System memory - ok 15:16:15.0265 4288 ================ Scan services =============================
mouhid - ok 15:16:33.0954 4288 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:16:33.0985 4288 mountmgr - ok 15:16:34.0078 4288 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:16:34.0141 4288 MozillaMaintenance - ok 15:16:34.0172 4288 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:16:34.0188 4288 mpio - ok 15:16:34.0219 4288 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:16:34.0281 4288 mpsdrv - ok 15:16:34.0359 4288 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:16:34.0500 4288 MpsSvc - ok 15:16:34.0546 4288 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:16:34.0578 4288 MRxDAV - ok 15:16:34.0640 4288 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:16:34.0687 4288 mrxsmb - ok 15:16:34.0780 4288 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:16:34.0827 4288 mrxsmb10 - ok 15:16:34.0890 4288 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:16:34.0952 4288 mrxsmb20 - ok 15:16:35.0014 4288 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:16:35.0046 4288 msahci - ok 15:16:35.0061 4288 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:16:35.0077 4288 msdsm - ok 15:16:35.0092 4288 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:16:35.0155 4288 MSDTC - ok 15:16:35.0217 4288 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:16:35.0264 4288 Msfs - ok 15:16:35.0280 4288 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:16:35.0342 4288 mshidkmdf - ok 15:16:35.0358 4288 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv 
C:\Windows\system32\drivers\msisadrv.sys 15:16:35.0373 4288 msisadrv - ok 15:16:35.0404 4288 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:16:35.0514 4288 MSiSCSI - ok 15:16:35.0514 4288 msiserver - ok 15:16:35.0545 4288 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:16:35.0592 4288 MSKSSRV - ok 15:16:35.0607 4288 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:16:35.0654 4288 MSPCLOCK - ok 15:16:35.0670 4288 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:16:35.0748 4288 MSPQM - ok 15:16:35.0794 4288 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:16:35.0826 4288 MsRPC - ok 15:16:35.0857 4288 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:16:35.0872 4288 mssmbios - ok 15:16:35.0888 4288 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:16:35.0982 4288 MSTEE - ok 15:16:35.0997 4288 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:16:36.0044 4288 MTConfig - ok 15:16:36.0091 4288 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:16:36.0106 4288 Mup - ok 15:16:36.0169 4288 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:16:36.0247 4288 napagent - ok 15:16:36.0294 4288 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:16:36.0356 4288 NativeWifiP - ok 15:16:36.0418 4288 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:16:36.0465 4288 NDIS - ok 15:16:36.0496 4288 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:16:36.0559 4288 NdisCap - ok 15:16:36.0574 4288 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:16:36.0637 4288 NdisTapi - ok 15:16:36.0684 4288 [ 
136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:16:36.0808 4288 Ndisuio - ok 15:16:36.0871 4288 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:16:36.0949 4288 NdisWan - ok 15:16:37.0011 4288 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:16:37.0058 4288 NDProxy - ok 15:16:37.0074 4288 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:16:37.0183 4288 NetBIOS - ok 15:16:37.0230 4288 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:16:37.0308 4288 NetBT - ok 15:16:37.0323 4288 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:16:37.0354 4288 Netlogon - ok 15:16:37.0417 4288 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:16:37.0542 4288 Netman - ok 15:16:37.0604 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:37.0635 4288 NetMsmqActivator - ok 15:16:37.0651 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:37.0666 4288 NetPipeActivator - ok 15:16:37.0698 4288 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:16:37.0760 4288 netprofm - ok 15:16:37.0776 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:37.0791 4288 NetTcpActivator - ok 15:16:37.0807 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:37.0822 4288 NetTcpPortSharing - ok 15:16:37.0854 4288 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:16:37.0869 4288 nfrd960 - ok 15:16:37.0916 4288 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:16:37.0963 4288 NlaSvc - 
ok 15:16:37.0978 4288 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:16:38.0041 4288 Npfs - ok 15:16:38.0056 4288 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:16:38.0119 4288 nsi - ok 15:16:38.0134 4288 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:16:38.0197 4288 nsiproxy - ok 15:16:38.0275 4288 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:16:38.0353 4288 Ntfs - ok 15:16:38.0384 4288 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:16:38.0446 4288 Null - ok 15:16:38.0478 4288 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:16:38.0493 4288 nvraid - ok 15:16:38.0556 4288 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:16:38.0571 4288 nvstor - ok 15:16:38.0618 4288 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:16:38.0634 4288 nv_agp - ok 15:16:38.0680 4288 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:16:38.0696 4288 ohci1394 - ok 15:16:38.0821 4288 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:16:38.0836 4288 ose - ok 15:16:39.0008 4288 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:16:39.0180 4288 osppsvc - ok 15:16:39.0226 4288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:16:39.0273 4288 p2pimsvc - ok 15:16:39.0304 4288 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:16:39.0336 4288 p2psvc - ok 15:16:39.0382 4288 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:16:39.0429 4288 Parport - ok 15:16:39.0476 4288 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr 
C:\Windows\system32\drivers\partmgr.sys 15:16:39.0507 4288 partmgr - ok 15:16:39.0523 4288 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:16:39.0554 4288 PcaSvc - ok 15:16:39.0585 4288 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:16:39.0601 4288 pci - ok 15:16:39.0648 4288 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:16:39.0679 4288 pciide - ok 15:16:39.0694 4288 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:16:39.0710 4288 pcmcia - ok 15:16:39.0741 4288 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:16:39.0757 4288 pcw - ok 15:16:39.0804 4288 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:16:39.0897 4288 PEAUTH - ok 15:16:40.0006 4288 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:16:40.0116 4288 PeerDistSvc - ok 15:16:40.0209 4288 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:16:40.0240 4288 PerfHost - ok 15:16:40.0334 4288 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:16:40.0443 4288 pla - ok 15:16:40.0506 4288 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:16:40.0552 4288 PlugPlay - ok 15:16:40.0584 4288 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:16:40.0615 4288 PNRPAutoReg - ok 15:16:40.0646 4288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:16:40.0677 4288 PNRPsvc - ok 15:16:40.0708 4288 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:16:40.0802 4288 PolicyAgent - ok 15:16:40.0833 4288 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:16:40.0896 4288 Power - ok 15:16:40.0942 4288 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 
15:16:41.0005 4288 PptpMiniport - ok 15:16:41.0036 4288 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:16:41.0083 4288 Processor - ok 15:16:41.0114 4288 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:16:41.0176 4288 ProfSvc - ok 15:16:41.0192 4288 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:16:41.0208 4288 ProtectedStorage - ok 15:16:41.0270 4288 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:16:41.0348 4288 Psched - ok 15:16:41.0395 4288 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:16:41.0473 4288 ql2300 - ok 15:16:41.0488 4288 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:16:41.0504 4288 ql40xx - ok 15:16:41.0535 4288 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:16:41.0566 4288 QWAVE - ok 15:16:41.0598 4288 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:16:41.0644 4288 QWAVEdrv - ok 15:16:41.0660 4288 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:16:41.0738 4288 RasAcd - ok 15:16:41.0769 4288 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:16:41.0832 4288 RasAgileVpn - ok 15:16:41.0847 4288 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:16:41.0910 4288 RasAuto - ok 15:16:41.0956 4288 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:16:42.0050 4288 Rasl2tp - ok 15:16:42.0144 4288 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:16:42.0222 4288 RasMan - ok 15:16:42.0253 4288 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:16:42.0331 4288 RasPppoe - ok 15:16:42.0346 4288 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp 
C:\Windows\system32\DRIVERS\rassstp.sys 15:16:42.0424 4288 RasSstp - ok 15:16:42.0487 4288 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:16:42.0580 4288 rdbss - ok 15:16:42.0612 4288 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:16:42.0658 4288 rdpbus - ok 15:16:42.0721 4288 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:16:42.0799 4288 RDPCDD - ok 15:16:42.0861 4288 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:16:42.0924 4288 RDPDR - ok 15:16:42.0955 4288 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:16:43.0017 4288 RDPENCDD - ok 15:16:43.0048 4288 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:16:43.0126 4288 RDPREFMP - ok 15:16:43.0251 4288 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:16:43.0282 4288 RdpVideoMiniport - ok 15:16:43.0329 4288 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:16:43.0407 4288 RDPWD - ok 15:16:43.0470 4288 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:16:43.0501 4288 rdyboost - ok 15:16:43.0516 4288 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:16:43.0594 4288 RemoteAccess - ok 15:16:43.0626 4288 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:16:43.0688 4288 RemoteRegistry - ok 15:16:43.0719 4288 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 15:16:43.0766 4288 RFCOMM - ok 15:16:43.0797 4288 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:16:43.0875 4288 RpcEptMapper - ok 15:16:43.0906 4288 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:16:43.0953 4288 RpcLocator - ok 
15:16:44.0016 4288 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:16:44.0078 4288 RpcSs - ok 15:16:44.0109 4288 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:16:44.0172 4288 rspndr - ok 15:16:44.0218 4288 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 15:16:44.0265 4288 s3cap - ok 15:16:44.0281 4288 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:16:44.0312 4288 SamSs - ok 15:16:44.0328 4288 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:16:44.0343 4288 sbp2port - ok 15:16:44.0390 4288 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:16:44.0452 4288 SCardSvr - ok 15:16:44.0499 4288 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:16:44.0593 4288 scfilter - ok 15:16:44.0671 4288 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:16:44.0796 4288 Schedule - ok 15:16:44.0842 4288 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:16:44.0920 4288 SCPolicySvc - ok 15:16:44.0998 4288 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:16:45.0170 4288 SDRSVC - ok 15:16:45.0217 4288 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:16:45.0295 4288 secdrv - ok 15:16:45.0357 4288 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:16:45.0435 4288 seclogon - ok 15:16:45.0451 4288 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:16:45.0560 4288 SENS - ok 15:16:45.0591 4288 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:16:45.0638 4288 SensrSvc - ok 15:16:45.0654 4288 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:16:45.0669 4288 Serenum - ok 15:16:45.0685 4288 [ 
C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:16:45.0732 4288 Serial - ok 15:16:45.0763 4288 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:16:45.0794 4288 sermouse - ok 15:16:45.0856 4288 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:16:45.0934 4288 SessionEnv - ok 15:16:45.0997 4288 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:16:46.0044 4288 sffdisk - ok 15:16:46.0075 4288 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:16:46.0122 4288 sffp_mmc - ok 15:16:46.0153 4288 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:16:46.0184 4288 sffp_sd - ok 15:16:46.0200 4288 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:16:46.0262 4288 sfloppy - ok 15:16:46.0309 4288 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:16:46.0387 4288 SharedAccess - ok 15:16:46.0434 4288 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:16:46.0512 4288 ShellHWDetection - ok 15:16:46.0543 4288 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:16:46.0558 4288 SiSRaid2 - ok 15:16:46.0590 4288 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:16:46.0605 4288 SiSRaid4 - ok 15:16:46.0636 4288 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:16:46.0699 4288 Smb - ok 15:16:46.0746 4288 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:16:46.0777 4288 SNMPTRAP - ok 15:16:46.0808 4288 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:16:46.0824 4288 spldr - ok 15:16:46.0870 4288 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:16:46.0917 4288 
Spooler - ok 15:16:47.0042 4288 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:16:47.0167 4288 sppsvc - ok 15:16:47.0182 4288 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:16:47.0260 4288 sppuinotify - ok 15:16:47.0323 4288 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:16:47.0416 4288 srv - ok 15:16:47.0463 4288 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:16:47.0526 4288 srv2 - ok 15:16:47.0557 4288 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:16:47.0604 4288 srvnet - ok 15:16:47.0635 4288 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:16:47.0697 4288 SSDPSRV - ok 15:16:47.0728 4288 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:16:47.0806 4288 SstpSvc - ok 15:16:47.0838 4288 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:16:47.0869 4288 stexstor - ok 15:16:47.0947 4288 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:16:48.0025 4288 stisvc - ok 15:16:48.0072 4288 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:16:48.0087 4288 storflt - ok 15:16:48.0103 4288 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:16:48.0118 4288 storvsc - ok 15:16:48.0150 4288 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:16:48.0165 4288 swenum - ok 15:16:48.0181 4288 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:16:48.0243 4288 swprv - ok 15:16:48.0274 4288 Synth3dVsc - ok 15:16:48.0368 4288 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:16:48.0462 4288 SysMain - ok 15:16:48.0508 4288 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:16:48.0586 4288 
TabletInputService - ok 15:16:48.0680 4288 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:16:48.0758 4288 TapiSrv - ok 15:16:48.0774 4288 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:16:48.0867 4288 TBS - ok 15:16:48.0930 4288 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:16:49.0008 4288 Tcpip - ok 15:16:49.0070 4288 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:16:49.0132 4288 TCPIP6 - ok 15:16:49.0164 4288 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:16:49.0210 4288 tcpipreg - ok 15:16:49.0242 4288 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:16:49.0288 4288 TDPIPE - ok 15:16:49.0351 4288 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:16:49.0382 4288 TDTCP - ok 15:16:49.0444 4288 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:16:49.0507 4288 tdx - ok 15:16:49.0554 4288 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:16:49.0569 4288 TermDD - ok 15:16:49.0600 4288 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:16:49.0678 4288 TermService - ok 15:16:49.0710 4288 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:16:49.0741 4288 Themes - ok 15:16:49.0756 4288 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:16:49.0803 4288 THREADORDER - ok 15:16:49.0819 4288 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:16:49.0881 4288 TrkWks - ok 15:16:49.0959 4288 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:16:50.0068 4288 TrustedInstaller - ok 15:16:50.0115 4288 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:16:50.0162 4288 
tssecsrv - ok 15:16:50.0240 4288 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:16:50.0334 4288 TsUsbFlt - ok 15:16:50.0380 4288 tsusbhub - ok 15:16:50.0458 4288 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:16:50.0552 4288 tunnel - ok 15:16:50.0583 4288 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:16:50.0599 4288 uagp35 - ok 15:16:50.0677 4288 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:16:50.0770 4288 udfs - ok 15:16:50.0817 4288 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:16:50.0833 4288 UI0Detect - ok 15:16:50.0864 4288 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:16:50.0880 4288 uliagpkx - ok 15:16:50.0958 4288 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:16:50.0989 4288 umbus - ok 15:16:51.0036 4288 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:16:51.0067 4288 UmPass - ok 15:16:51.0129 4288 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 15:16:51.0176 4288 UmRdpService - ok 15:16:51.0223 4288 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:16:51.0316 4288 upnphost - ok 15:16:51.0332 4288 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:16:51.0363 4288 usbccgp - ok 15:16:51.0394 4288 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:16:51.0441 4288 usbcir - ok 15:16:51.0457 4288 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:16:51.0504 4288 usbehci - ok 15:16:51.0550 4288 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:16:51.0597 4288 usbhub - ok 15:16:51.0597 4288 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci 
C:\Windows\system32\DRIVERS\usbohci.sys 15:16:51.0628 4288 usbohci - ok 15:16:51.0644 4288 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:16:51.0691 4288 usbprint - ok 15:16:51.0722 4288 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:16:51.0769 4288 USBSTOR - ok 15:16:51.0784 4288 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:16:51.0816 4288 usbuhci - ok 15:16:51.0878 4288 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 15:16:51.0925 4288 usbvideo - ok 15:16:51.0972 4288 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:16:52.0034 4288 UxSms - ok 15:16:52.0065 4288 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:16:52.0081 4288 VaultSvc - ok 15:16:52.0112 4288 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:16:52.0112 4288 vdrvroot - ok 15:16:52.0174 4288 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:16:52.0299 4288 vds - ok 15:16:52.0330 4288 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:16:52.0362 4288 vga - ok 15:16:52.0362 4288 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:16:52.0424 4288 VgaSave - ok 15:16:52.0440 4288 VGPU - ok 15:16:52.0502 4288 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:16:52.0549 4288 vhdmp - ok 15:16:52.0564 4288 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:16:52.0580 4288 viaide - ok 15:16:52.0596 4288 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:16:52.0642 4288 vmbus - ok 15:16:52.0658 4288 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:16:52.0689 4288 VMBusHID - ok 15:16:52.0767 4288 [ 
15:16:58.0009 4288 Scan finished
15:16:58.0040 4340 Detected object count: 0
15:16:58.0040 4340 Actual detected object count: 0 |
31.01.2013, 15:24 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple problems installing programs
That looks unremarkable.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
31.01.2013, 15:30 | #15 |
| Multiple problems installing programs
"Unremarkable" is reassuring, at least. I have now run this scan as well: Code:
# AdwCleaner v2.109 - Datei am 31/01/2013 um 15:27:47 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : *** - ***-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4n3ahrkf.default\searchplugins\Askcom.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4n3ahrkf.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1086 octets] - [31/01/2013 15:27:47]

########## EOF - C:\AdwCleaner[R1].txt - [1146 octets] ########## |