Log analysis and evaluation: External hard drive shows only shortcuts (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.02.2013, 20:16 | #1 |
External hard drive shows only shortcuts

Malwarebytes is running right now.

Malwarebytes result:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: GSTREIN [Administrator]

Schutz: Aktiviert

11.02.2013 20:07:43
mbam-log-2013-02-11 (20-07-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442856
Laufzeit: 1 Stunde(n), 13 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 12.02.2013 10:48:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,94% Memory free
15,96 Gb Paging File | 13,32 Gb Available in Paging File | 83,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,20 Gb Total Space | 336,21 Gb Free Space | 73,54% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 32,78 Gb Free Space | 14,08% Space Free | Partition Type: FAT32

Computer Name: GSTREIN | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0548CA29-25EE-423F-AE8A-58AB1FDDF616}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C58CBE9-0A3C-4BF7-8F97-AEB17D65F5FE}" = rport=137 | protocol=17 | dir=out | app=system |
"{24F4AB9A-DD89-4901-BA17-5D577D5577DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{32A9F80E-3FE3-4DB6-9E0E-4399EBDC5E3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A43C3ED-CF3C-46AC-AB95-3310D81C7C7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CACEA92-A471-4FA1-987C-7833FB908AD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3FB4B256-8084-47E1-A7B8-8195B7783B01}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4D6189F2-E174-4849-9448-428B320DC15A}" = lport=139 | protocol=6 | dir=in | app=system |
"{5312B66A-1025-4E73-BAE1-0FAE3B7DD619}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CE0357-8F77-480E-B429-5D65B68C2296}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{678D22E2-E649-4DCD-BD33-51379669EFD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B154033-A3EB-4D44-A6F5-830A0B665EBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E424307-EA71-4AE7-A09F-54C3DD48EF45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7268AF62-CCD0-427E-932C-81421BBEBEB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{8CDCCBC4-DFFF-4126-81B8-E017E1AFF250}" = lport=138 | protocol=17 | dir=in | app=system |
"{95E7362A-D71F-43CE-BD19-996FEB56C7F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97A97EF2-06AA-4C2A-AE02-D1B862175C54}" = rport=139 | protocol=6 | dir=out | app=system |
"{A2417BA6-0C28-45DF-89BE-826E4DD912B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4005E90-5BD7-443A-A033-B99CFB2C7D28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E48500D9-B13E-45E3-9B99-9F3DA952F8FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5C85D36-698B-41BE-8146-3C7469437960}" = rport=445 | protocol=6 | dir=out | app=system |
"{E7823E8E-8EA4-4A04-B1BB-082B2129E7D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{E9211B9D-A173-4D5A-8888-7E55336A2A7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1B65FCE-BAB0-42BF-91FC-75A83B0EA3EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3028361-2E90-458F-BF80-D9804F17D147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0539ED24-8303-456F-8C8D-E1CA5F2D689C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{06CB3866-CC05-4705-915A-3009900D1287}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17FA086F-8B27-4A36-B47D-67610EBE1800}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C81703D-8306-4188-AFB9-A8EBF3D063EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D68F48C-81C0-45F5-AD05-852B2074DC39}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{2CE2DE73-DB99-485A-AA2F-C5D0D58BEA37}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{2F75563B-51E6-4A5C-9EF2-32AC206358B6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{379690FE-B304-4A5C-9978-6016B0D7B88B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39622051-0B1B-44AD-BB97-F5A795AE2FFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{430F2C9F-4BA4-45B0-B9F5-0503A1B111AF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{4EC78BBB-D04C-4F51-AE25-AD9B679D41A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{56DC3A77-1AA4-4AC5-B8FE-38A8AF0F3DB0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5A4E18A7-0287-4637-B1B7-E148A48335C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5DED11C7-4CCF-4DE8-9E70-43DFF76C6819}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{608206D9-2A3C-4969-A0AB-6E1A439F792A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6133DF89-0D09-49E6-A595-39D9630569DC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6429BD4C-A3D2-43D0-9F03-DE19979C7EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6583CD53-8A89-4EE0-8347-336EEB1656AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{6B0E2DCC-DE87-4500-A48F-CDFB961D63FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{89C3723B-1940-4162-8E68-5EA8A631723F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{93D6287F-2DB7-47CC-9CE7-C2689BC9C627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BB9B5A9-4F84-492E-B10E-16811FA465A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{A00A3A64-AC17-4D70-BA03-5D5DC2D3194B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1646D59-FC5C-4B91-B505-91AC906E882A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A4F7BC85-A635-40A7-90C2-60512A7546EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A60D181C-0E4F-4F5B-8B4C-8A3131E02B31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC6F7838-D057-4968-85E1-A323E62027F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACCEBD91-5F9E-45E0-9847-BB62BF6832B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AED6D2E1-CC7B-4B8A-A875-BA48B33000DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3DCC080-18F1-440E-B627-64FF116C6D95}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B47BA574-492C-4DD3-92F6-F30E977DD2C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{B5C50CE3-798C-4828-A09B-3AFBAAB9466B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD4A2348-DB65-49BA-A087-BB48D5BB10A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C19D98EA-24E0-470F-99E7-C8406E282EF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8551DA7-C4D3-4ECB-8496-C965E36F086A}" = protocol=6 | dir=out | app=system |
"{CC371B4C-5B58-4D37-85BF-A804122D65D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D39FD94A-1B7E-475B-80B7-11B74D915D40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DDCC60AA-28BD-4164-94E0-ECB7A76CDDBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E5373401-C4C7-41F3-B8E8-998FF96F2303}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F2D0D02B-97B4-423D-98C9-0A2AB86DAD0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F5BBF956-8CF8-4F7E-849F-9329243D6494}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DBB823F3-E8BD-4578-9D16-42AF176FD777}" = VAIO Personalization Manager
"{E5961659-16A2-47A7-BB7B-7B951F2B0BB3}" = PC Connectivity Solution 64-bit components
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{02CA6DE4-AA3F-4EA0-AF87-792C9BD50560}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030F0}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 39
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46C88AD-6239-474A-8690-F9329BD36D7F}" = Remote Play with PlayStation 3
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG PC TuneUp" = AVG PC TuneUp
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Franziskaner Bildschirmschoner_is1" = Franziskaner Bildschirmschoner
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.5.712
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"TeamViewer 8" = TeamViewer 8
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.12.2011 08:23:32 | Computer Name = Gstrein | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error - 02.01.2012 04:46:54 | Computer Name = Gstrein | Source = MsiInstaller | ID = 11500
Description = 

Error - 02.01.2012 08:15:45 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 08:15:52 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 08:15:54 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 08:16:00 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 08:16:01 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 08:16:03 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 08:16:11 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.01.2012 11:34:37 | Computer Name = Gstrein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 9.0.1.4371, Zeitstempel: 0x4ef15e74
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x1f5bf644
ID des fehlerhaften Prozesses: 0x14f8
Startzeit der fehlerhaften Anwendung: 0x01ccc95845d52606
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 46997e73-3557-11e1-956b-506313e4e1bb

[ OSession Events ]
Error - 22.04.2012 14:46:33 | Computer Name = Gstrein | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11.02.2013 02:20:48 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 11.02.2013 02:20:49 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error - 11.02.2013 02:20:55 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 11.02.2013 02:41:14 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 11.02.2013 02:42:20 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 11.02.2013 02:42:20 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error - 11.02.2013 02:42:28 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 11.02.2013 18:12:44 | Computer Name = Gstrein | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.

Error - 11.02.2013 18:12:44 | Computer Name = Gstrein | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.

Error - 12.02.2013 05:42:23 | Computer Name = Gstrein | Source = BROWSER | ID = 8032
Description = 

< End of report >
ATTFilter OTL Extras logfile created on: 12.02.2013 10:48:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,94% Memory free 15,96 Gb Paging File | 13,32 Gb Available in Paging File | 83,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,20 Gb Total Space | 336,21 Gb Free Space | 73,54% Space Free | Partition Type: NTFS Drive D: | 232,83 Gb Total Space | 32,78 Gb Free Space | 14,08% Space Free | Partition Type: FAT32 Computer Name: GSTREIN | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0548CA29-25EE-423F-AE8A-58AB1FDDF616}" = lport=2869 | protocol=6 | dir=in | app=system | "{0C58CBE9-0A3C-4BF7-8F97-AEB17D65F5FE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{24F4AB9A-DD89-4901-BA17-5D577D5577DD}" = lport=137 | protocol=17 | dir=in | app=system | "{32A9F80E-3FE3-4DB6-9E0E-4399EBDC5E3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A43C3ED-CF3C-46AC-AB95-3310D81C7C7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3CACEA92-A471-4FA1-987C-7833FB908AD9}" = rport=10243 | protocol=6 | dir=out | app=system | "{3FB4B256-8084-47E1-A7B8-8195B7783B01}" = lport=10243 | protocol=6 | dir=in | app=system | "{4D6189F2-E174-4849-9448-428B320DC15A}" = lport=139 | protocol=6 | dir=in | app=system | "{5312B66A-1025-4E73-BAE1-0FAE3B7DD619}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59CE0357-8F77-480E-B429-5D65B68C2296}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{678D22E2-E649-4DCD-BD33-51379669EFD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B154033-A3EB-4D44-A6F5-830A0B665EBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6E424307-EA71-4AE7-A09F-54C3DD48EF45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7268AF62-CCD0-427E-932C-81421BBEBEB1}" = rport=138 | protocol=17 | dir=out | app=system | "{8CDCCBC4-DFFF-4126-81B8-E017E1AFF250}" = lport=138 | protocol=17 | dir=in | app=system | "{95E7362A-D71F-43CE-BD19-996FEB56C7F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97A97EF2-06AA-4C2A-AE02-D1B862175C54}" = rport=139 | protocol=6 | dir=out | app=system | "{A2417BA6-0C28-45DF-89BE-826E4DD912B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B4005E90-5BD7-443A-A033-B99CFB2C7D28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E48500D9-B13E-45E3-9B99-9F3DA952F8FD}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5C85D36-698B-41BE-8146-3C7469437960}" = rport=445 | protocol=6 | dir=out | app=system | "{E7823E8E-8EA4-4A04-B1BB-082B2129E7D8}" = lport=445 | protocol=6 | dir=in | app=system | "{E9211B9D-A173-4D5A-8888-7E55336A2A7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1B65FCE-BAB0-42BF-91FC-75A83B0EA3EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3028361-2E90-458F-BF80-D9804F17D147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0539ED24-8303-456F-8C8D-E1CA5F2D689C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{06CB3866-CC05-4705-915A-3009900D1287}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{17FA086F-8B27-4A36-B47D-67610EBE1800}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1C81703D-8306-4188-AFB9-A8EBF3D063EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1D68F48C-81C0-45F5-AD05-852B2074DC39}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2CE2DE73-DB99-485A-AA2F-C5D0D58BEA37}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{2F75563B-51E6-4A5C-9EF2-32AC206358B6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{379690FE-B304-4A5C-9978-6016B0D7B88B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{39622051-0B1B-44AD-BB97-F5A795AE2FFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{430F2C9F-4BA4-45B0-B9F5-0503A1B111AF}" = protocol=17 | dir=in | 
app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{4EC78BBB-D04C-4F51-AE25-AD9B679D41A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{56DC3A77-1AA4-4AC5-B8FE-38A8AF0F3DB0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{5A4E18A7-0287-4637-B1B7-E148A48335C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5DED11C7-4CCF-4DE8-9E70-43DFF76C6819}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{608206D9-2A3C-4969-A0AB-6E1A439F792A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6133DF89-0D09-49E6-A595-39D9630569DC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{6429BD4C-A3D2-43D0-9F03-DE19979C7EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{6583CD53-8A89-4EE0-8347-336EEB1656AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{6B0E2DCC-DE87-4500-A48F-CDFB961D63FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{89C3723B-1940-4162-8E68-5EA8A631723F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{93D6287F-2DB7-47CC-9CE7-C2689BC9C627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BB9B5A9-4F84-492E-B10E-16811FA465A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{A00A3A64-AC17-4D70-BA03-5D5DC2D3194B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1646D59-FC5C-4B91-B505-91AC906E882A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{A4F7BC85-A635-40A7-90C2-60512A7546EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A60D181C-0E4F-4F5B-8B4C-8A3131E02B31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC6F7838-D057-4968-85E1-A323E62027F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ACCEBD91-5F9E-45E0-9847-BB62BF6832B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AED6D2E1-CC7B-4B8A-A875-BA48B33000DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3DCC080-18F1-440E-B627-64FF116C6D95}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B47BA574-492C-4DD3-92F6-F30E977DD2C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{B5C50CE3-798C-4828-A09B-3AFBAAB9466B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BD4A2348-DB65-49BA-A087-BB48D5BB10A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C19D98EA-24E0-470F-99E7-C8406E282EF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8551DA7-C4D3-4ECB-8496-C965E36F086A}" = protocol=6 | dir=out | app=system | "{CC371B4C-5B58-4D37-85BF-A804122D65D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D39FD94A-1B7E-475B-80B7-11B74D915D40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DDCC60AA-28BD-4164-94E0-ECB7A76CDDBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{E5373401-C4C7-41F3-B8E8-998FF96F2303}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F2D0D02B-97B4-423D-98C9-0A2AB86DAD0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F5BBF956-8CF8-4F7E-849F-9329243D6494}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013 "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64 "{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager "{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB "{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager "{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64 "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DBB823F3-E8BD-4578-9D16-42AF176FD777}" = VAIO Personalization Manager "{E5961659-16A2-47A7-BB7B-7B951F2B0BB3}" = PC Connectivity Solution 64-bit components "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom 
HIDClass (07/28/2009 6.2.0.9800) "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) "AVG" = AVG 2013 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{02CA6DE4-AA3F-4EA0-AF87-792C9BD50560}" = VAIO Content Metadata Intelligent Analyzing Manager "{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform "{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3 "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216030F0}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 39 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide 
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3 "{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE) "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft 
Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46C88AD-6239-474A-8690-F9329BD36D7F}" = Remote Play with PlayStation 3 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG PC TuneUp" = AVG PC TuneUp "conduitEngine" = Conduit Engine "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Franziskaner Bildschirmschoner_is1" = Franziskaner Bildschirmschoner "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Studio_is1" = Free Studio version 5.0.8 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.5.712 "Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MarketingTools" = VAIO Marketing Tools "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "TeamViewer 8" = TeamViewer 8 "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO Premium Partners" = 
VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.12.2011 08:23:32 | Computer Name = Gstrein | Source = SampleCollector | ID = 131331 Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 02.01.2012 04:46:54 | Computer Name = Gstrein | Source = MsiInstaller | ID = 11500 Description = Error - 02.01.2012 08:15:45 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:15:52 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 02.01.2012 08:15:54 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:00 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:01 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:03 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 02.01.2012 08:16:11 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 11:34:37 | Computer Name = Gstrein | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 9.0.1.4371, Zeitstempel: 0x4ef15e74 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1f5bf644 ID des fehlerhaften Prozesses: 0x14f8 Startzeit der fehlerhaften Anwendung: 0x01ccc95845d52606 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 46997e73-3557-11e1-956b-506313e4e1bb [ OSession Events ] Error - 22.04.2012 14:46:33 | Computer Name = Gstrein | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.02.2013 02:20:48 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.02.2013 02:20:49 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. 
Error - 11.02.2013 02:20:55 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.02.2013 02:41:14 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.02.2013 02:42:20 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.02.2013 02:42:20 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 11.02.2013 02:42:28 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.02.2013 18:12:44 | Computer Name = Gstrein | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 11.02.2013 18:12:44 | Computer Name = Gstrein | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 12.02.2013 05:42:23 | Computer Name = Gstrein | Source = BROWSER | ID = 8032 Description = < End of report >
Edited by gstreinaldo (11.02.2013 at 20:24) |
12.02.2013, 11:04 | #2 |
| External hard drive now shows only shortcuts OTL Logfile:
Code:
OTL logfile created on: 12.02.2013 10:48:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,94% Memory free 15,96 Gb Paging File | 13,32 Gb Available in Paging File | 83,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,20 Gb Total Space | 336,21 Gb Free Space | 73,54% Space Free | Partition Type: NTFS Drive D: | 232,83 Gb Total Space | 32,78 Gb Free Space | 14,08% Space Free | Partition Type: FAT32 Computer Name: GSTREIN | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.11 20:38:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Downloads\OTL.exe PRC - [2013.01.10 10:02:12 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.01.10 10:02:08 | 001,475,952 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.18 02:10:18 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.04.09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe PRC - [2009.11.30 19:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.09.04 22:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) 
-- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\Browser Manager\2.6.1123.78\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.dll MOD - [2013.01.21 22:42:00 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5cf050c8bbcaba774c993810252f5fd7\System.ServiceProcess.ni.dll MOD - [2013.01.21 22:40:13 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll MOD - [2013.01.11 07:50:49 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll MOD - [2013.01.11 07:50:37 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll MOD - [2013.01.11 07:50:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll MOD - [2013.01.11 07:50:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll MOD - [2013.01.11 07:50:23 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll MOD - [2013.01.11 07:50:20 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll MOD - [2013.01.11 07:50:18 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll MOD - [2013.01.11 07:50:13 | 014,417,408 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2013.02.09 14:59:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.08 07:53:34 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.08.23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.05.24 14:00:00 | 000,655,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.10.25 16:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2010.10.25 16:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010.10.12 14:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.09.27 14:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2010.09.27 14:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2010.09.27 14:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.09.10 07:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- 
(SOHCImp) SRV - [2010.09.10 07:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.08.11 07:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.09.21 16:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.09.21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2006.11.06 13:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.08.17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.08.17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.08.17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] 
(MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.07.25 16:36:36 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64) DRV:64bit: - [2009.11.18 21:03:16 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.11.18 21:03:15 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.11.18 21:03:15 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.11.18 21:03:13 | 000,052,264 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.18 21:02:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.06 21:34:48 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2009.11.05 07:30:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.04 10:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.10.27 21:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2012.07.04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1F0FFB3B-895F-4429-AB35-94C5631A97BA}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKCU\..\SearchScopes\{4D50B881-A1DB-45F6-A99D-0A2853EECD07}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deAT386AT386 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEC_deAT386AT386 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={3F5AB38E-9A50-4293-8ADD-2E9D776AD609}&mid=6995e49449e3b4dd11c9e7d1f9abce85-29dcaef3f86894d64e5406071eaedd485590edfd&lang=de&ds=AVG&pr=fr&d=2013-01-28 07:36:52&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{A630525F-DBF0-481B-B4C7-D943151A554B}: "URL" = hxxp://at.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_at&p={searchTerms} IE - HKCU\..\SearchScopes\{A6977A65-EDC2-45BE-81D6-97E8744B7EC4}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=F9A714E2-A155-422F-A2D2-87F26FBBDE47&apn_sauid=E83ED89D-939E-417B-A528-2A24977CE9B7 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{FADC1756-2054-4794-9B68-514DFA1CF8CD}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3227983.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "appbario9 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.orf.at" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.6.1123.78 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39 FF - prefs.js..extensions.enabledAddons: %7B72cabc40-64b2-46ed-8648-26d831761150%7D:10.14.40.128 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227983&SearchSource=2&CUI=UN31433549801422416&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.6.1123.78\{d1538445-ebd9-4c43-882a-854eff8d928c}\FirefoxExtension [2013.02.03 14:23:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] [2010.06.28 11:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2013.02.09 15:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions [2012.11.18 14:26:09 | 
000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} [2013.02.09 15:25:34 | 000,000,000 | ---D | M] (appbario9) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\{72cabc40-64b2-46ed-8648-26d831761150} [2013.02.09 15:25:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.12.11 20:51:47 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.06.28 11:56:16 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2012.12.20 07:41:47 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\crossriderapp5060@crossrider.com [2012.10.16 06:49:02 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\helperbar@helperbar.com [2012.12.20 07:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode [2012.12.11 20:36:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.03 14:35:17 | 000,001,074 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\searchplugins\appbario9-customized-web-search.xml [2012.04.20 14:37:55 | 
000,002,408 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\searchplugins\askcom.xml [2012.09.18 05:53:25 | 000,002,615 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\searchplugins\Web Search.xml [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.02.03 14:23:40 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.6.1123.78\{D1538445-EBD9-4C43-882A-854EFF8D928C}\FIREFOXEXTENSION [2013.02.09 14:59:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.04 09:54:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:33:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.04 09:54:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.04 09:54:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.04 09:54:34 | 
000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.04 09:54:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B90F8CB0-7349-4503-BEA0-3BFB0CC730B9}: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB8C9484-BDD0-485F-9085-847F9BF303D0}: DhcpNameServer = 10.10.11.11 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - 
Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{d1538~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.08 16:45:32 | 000,000,000 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk /r \??\D:) O34 - HKLM BootExecute: (autocheck autochk /r \??\D:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.11 20:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.02.11 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes [2013.02.11 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.11 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.11 19:27:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.11 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.10 14:56:47 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\OneNote-Notizbücher [2013.02.09 17:23:36 | 000,000,000 | ---D | C] -- C:\NEU [2013.02.09 15:47:16 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2013.02.09 15:47:16 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2013.02.09 15:47:16 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2013.02.09 15:47:12 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2013.02.09 15:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013.02.09 15:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013.02.09 14:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.03 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.02.03 14:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.24 00:03:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\My Videos [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.12 10:00:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.12 09:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.12 01:34:52 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\AppData\Local\prvlcl.dat [2013.02.11 22:59:11 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.11 22:59:11 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.11 22:59:11 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.11 22:59:11 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.11 22:59:11 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.11 20:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.02.11 20:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.11 19:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 19:12:14 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 19:12:14 | 000,010,096 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 07:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.11 07:42:16 | 2133,381,119 | -HS- | M] () -- C:\hiberfil.sys [2013.02.10 14:56:47 | 000,001,356 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2013.02.09 15:47:13 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2013.02.09 15:47:13 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013.02.03 14:27:51 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.01.23 22:14:53 | 000,002,006 | ---- | M] () -- C:\Users\Christoph\Desktop\Samsung Kies (Lite).lnk [2013.01.14 20:26:34 | 000,440,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.11 20:09:16 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.02.11 19:27:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 14:56:47 | 000,001,356 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2013.02.09 15:47:13 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2013.02.09 15:47:13 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013.02.09 15:47:12 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2013.02.08 07:57:21 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.01.23 22:14:53 | 000,002,006 | ---- | C] () -- C:\Users\Christoph\Desktop\Samsung Kies (Lite).lnk [2012.05.23 17:49:34 | 000,030,568 | 
---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.01.21 14:02:39 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Local\{B28E6F89-473C-45D8-BCB7-B4D7DB57AE42} [2011.04.25 19:51:38 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.25 18:58:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.04.25 18:43:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.30 13:00:39 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Local\prvlcl.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.09.11 09:04:42 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Auslogics [2013.02.09 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AVG [2012.12.18 07:44:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AVG2013 [2012.10.07 11:51:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoft [2012.09.18 05:53:09 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.12 09:01:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Fighters [2012.07.07 05:06:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Nokia [2012.10.07 11:50:47 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\OpenCandy [2012.07.07 05:04:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PC Suite [2012.10.05 06:18:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Samsung [2012.12.12 17:56:26 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TeamViewer [2013.02.09 15:57:50 | 000,000,000 | ---D | M] -- 
C:\Users\Christoph\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > |
12.02.2013, 11:16 | #3 |
| External hard drive now shows only shortcuts GMER Logfile:
Code:
GMER 2.0.18454 - GMER - Rootkit Detector and Remover Rootkit scan 2013-02-12 11:14:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0001 465,76GB Running: gmer_2.0.18454.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxddqpob.sys ---- User code sections - GMER 2.0 ----
Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... 
* 9 .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\VCService.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] 
C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo 
+ 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files (x86)\Internet Explorer\IELowutil.exe[6180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000773316b2 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1452] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamgui.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... * 9 .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files\Sony\VAIO Care\listener.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... 
* 9 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007733159d 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773315b5 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773315cd 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773316b2 2 bytes [33, 77] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773316bd 2 bytes [33, 77] .text 
C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ebcfca 5 bytes JMP 00000001743d44c0 .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077331401 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077331419 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077331431 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007733144a 2 bytes [33, 77] .text ... * 9 .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773314dd 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773314f5 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007733150d 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077331525 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007733153d 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077331555 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007733156d 2 bytes [33, 77] .text C:\Users\Christoph\Downloads\gmer_2.0.18454.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077331585 2 bytes [33, 77] .text 
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d49816
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313e4e1bb
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d49816 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313e4e1bb (not active ControlSet)
---- EOF - GMER 2.0 ----

Hello dear helper! I found this and tried it:

/// TB-Süch-Tiger™ Registered since: 12.09.2004 Location: Twin Peaks Posts: 104.622
Re: External hard drive - folders are only shown as shortcuts
"First have all files displayed => http://www.trojaner-board.de/59624-a...ar-machen.html After that, all folders should be shown again as well - semi-transparent, since they still carry the attributes "hidden" and "system" ...."

It worked... I can open all my folders again... I deleted the shortcuts... I hope that is okay...

My question now: is the virus still on my system? What can/must I do?

Thank you in advance for the help! THANKS |
12.02.2013, 13:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | external hard drive only shows shortcuts Hello and Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When does it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Please run MBAR first, then aswMBR, and post the logs: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
12.02.2013, 14:40 | #5 |
| external hard drive only shows shortcuts
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.04.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: GSTREIN [administrator]
12.02.2013 14:39:41
mbar-log-2013-02-12 (14-39-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30651
Time elapsed: 10 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
12.02.2013, 14:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | external hard drive only shows shortcuts Please post all logs in CODE tags! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ --> external hard drive only shows shortcuts |
12.02.2013, 14:58 | #7 |
| external hard drive only shows shortcuts Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 14:43:21
-----------------------------
14:43:21.125 OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:21.125 Number of processors: 8 586 0x1E05
14:43:21.125 ComputerName: GSTREIN UserName:
14:43:22.935 Initialize success
14:45:05.078 AVAST engine defs: 13021200
14:45:09.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:09.633 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
14:45:09.633 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006d
14:45:09.633 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
14:45:09.633 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006e
14:45:09.649 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
14:45:09.680 Disk 0 MBR read successfully
14:45:09.695 Disk 0 MBR scan
14:45:09.711 Disk 0 Windows 7 default MBR code
14:45:09.727 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8664 MB offset 2048
14:45:09.742 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 17745920
14:45:09.758 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468174 MB offset 17950720
14:45:09.805 Disk 0 scanning C:\Windows\system32\drivers
14:45:22.940 Service scanning
14:45:45.326 Modules scanning
14:45:45.341 Disk 0 trace - called modules:
14:45:45.357 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:45:45.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80085d1790]
14:45:45.373 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8006a42950]
14:45:45.388 5 ACPI.sys[fffff88000f927a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007851050]
14:45:49.382 AVAST engine scan C:\Windows
14:45:52.377 AVAST engine scan C:\Windows\system32
14:48:51.716 AVAST engine scan C:\Windows\system32\drivers
14:49:07.581 AVAST engine scan C:\Users\Christoph
14:54:40.002 AVAST engine scan C:\ProgramData
14:57:32.030 Scan finished successfully
14:57:57.349 Disk 0 MBR has been saved successfully to "C:\Users\Christoph\Desktop\MBR.dat"
14:57:57.349 The log file has been saved successfully to "C:\Users\Christoph\Desktop\aswMBR.txt" |
12.02.2013, 15:16 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | external hard drive only shows shortcuts Ok, and on we go: Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
12.02.2013, 15:20 | #9 |
| external hard drive only shows shortcuts Code:
ATTFilter
15:18:17.0828 4208 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:18:17.0952 4208 ============================================================
15:18:17.0952 4208 Current date / time: 2013/02/12 15:18:17.0952
15:18:17.0952 4208 SystemInfo:
15:18:17.0952 4208
15:18:17.0952 4208 OS Version: 6.1.7601 ServicePack: 1.0
15:18:17.0952 4208 Product type: Workstation
15:18:17.0952 4208 ComputerName: GSTREIN
15:18:17.0952 4208 UserName: Christoph
15:18:17.0952 4208 Windows directory: C:\Windows
15:18:17.0952 4208 System windows directory: C:\Windows
15:18:17.0952 4208 Running under WOW64
15:18:17.0952 4208 Processor architecture: Intel x64
15:18:17.0952 4208 Number of processors: 8
15:18:17.0952 4208 Page size: 0x1000
15:18:17.0952 4208 Boot type: Normal boot
15:18:17.0952 4208 ============================================================
15:18:18.0530 4208 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:18:18.0545 4208 Drive \Device\Harddisk3\DR3 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:18:18.0701 4208 ============================================================
15:18:18.0701 4208 \Device\Harddisk0\DR0:
15:18:18.0701 4208 MBR partitions:
15:18:18.0701 4208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10EC800, BlocksNum 0x32000
15:18:18.0701 4208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x111E800, BlocksNum 0x39267030
15:18:18.0701 4208 \Device\Harddisk3\DR3:
15:18:18.0701 4208 MBR partitions:
15:18:18.0701 4208 \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
15:18:18.0701 4208 ============================================================
15:18:18.0732 4208 C: <-> \Device\Harddisk0\DR0\Partition2
15:18:18.0732 4208 D: <-> \Device\Harddisk3\DR3\Partition1
15:18:18.0732
4208 ============================================================
15:18:18.0732 4208 Initialize success
15:18:18.0732 4208 ============================================================
15:18:25.0737 5188 ============================================================
15:18:25.0737 5188 Scan started
15:18:25.0737 5188 Mode: Manual;
15:18:25.0737 5188 ============================================================
15:18:26.0361 5188 ================ Scan system memory ========================
15:18:26.0361 5188 System memory - ok
15:18:26.0361 5188 ================ Scan services =============================
5188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:18:33.0599 5188 MSTEE - ok 15:18:33.0615 5188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:18:33.0615 5188 MTConfig - ok 15:18:33.0631 5188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:18:33.0631 5188 Mup - ok 15:18:33.0646 5188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:18:33.0646 5188 napagent - ok 15:18:33.0662 5188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:18:33.0662 5188 NativeWifiP - ok 15:18:33.0709 5188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:18:33.0709 5188 NDIS - ok 15:18:33.0724 5188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:18:33.0724 5188 NdisCap - ok 15:18:33.0740 5188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:18:33.0740 5188 NdisTapi - ok 15:18:33.0771 5188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:18:33.0771 5188 Ndisuio - ok 15:18:33.0802 5188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:18:33.0818 5188 NdisWan - ok 15:18:33.0849 5188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:18:33.0849 5188 NDProxy - ok 15:18:33.0849 5188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:18:33.0865 5188 NetBIOS - ok 15:18:33.0880 5188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:18:33.0880 5188 NetBT - ok 15:18:33.0896 5188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:18:33.0896 5188 Netlogon - ok 15:18:33.0927 5188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:18:33.0927 5188 Netman - ok 15:18:33.0943 5188 
[ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:18:33.0958 5188 netprofm - ok 15:18:33.0989 5188 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:18:33.0989 5188 NetTcpPortSharing - ok 15:18:34.0114 5188 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys 15:18:34.0145 5188 NETw5s64 - ok 15:18:34.0177 5188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:18:34.0177 5188 nfrd960 - ok 15:18:34.0192 5188 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:18:34.0192 5188 NlaSvc - ok 15:18:34.0239 5188 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 15:18:34.0239 5188 nmwcd - ok 15:18:34.0270 5188 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 15:18:34.0270 5188 nmwcdc - ok 15:18:34.0286 5188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:18:34.0286 5188 Npfs - ok 15:18:34.0301 5188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:18:34.0317 5188 nsi - ok 15:18:34.0317 5188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:18:34.0333 5188 nsiproxy - ok 15:18:34.0395 5188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:18:34.0411 5188 Ntfs - ok 15:18:34.0442 5188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:18:34.0442 5188 Null - ok 15:18:34.0473 5188 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:18:34.0473 5188 NVHDA - ok 15:18:34.0691 5188 [ CA8447574E9DAE22250C723819D3EF96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:18:34.0754 5188 nvlddmkm - ok 15:18:34.0816 5188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid 
C:\Windows\system32\drivers\nvraid.sys 15:18:34.0816 5188 nvraid - ok 15:18:34.0832 5188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:18:34.0832 5188 nvstor - ok 15:18:34.0863 5188 [ AD1E49BCEB5D446A271C43BFA8FD71D2 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:18:34.0863 5188 nvsvc - ok 15:18:34.0894 5188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:18:34.0894 5188 nv_agp - ok 15:18:34.0957 5188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:18:34.0972 5188 odserv - ok 15:18:35.0019 5188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:18:35.0019 5188 ohci1394 - ok 15:18:35.0050 5188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:18:35.0066 5188 ose - ok 15:18:35.0097 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:18:35.0113 5188 p2pimsvc - ok 15:18:35.0144 5188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:18:35.0175 5188 p2psvc - ok 15:18:35.0191 5188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 15:18:35.0206 5188 Parport - ok 15:18:35.0237 5188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:18:35.0237 5188 partmgr - ok 15:18:35.0253 5188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:18:35.0269 5188 PcaSvc - ok 15:18:35.0300 5188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:18:35.0315 5188 pci - ok 15:18:35.0331 5188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:18:35.0331 5188 pciide - ok 15:18:35.0362 5188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:18:35.0362 5188 pcmcia - ok 15:18:35.0378 5188 [ 
D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:18:35.0378 5188 pcw - ok 15:18:35.0393 5188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:18:35.0409 5188 PEAUTH - ok 15:18:35.0503 5188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:18:35.0503 5188 PerfHost - ok 15:18:35.0581 5188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:18:35.0643 5188 pla - ok 15:18:35.0690 5188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:18:35.0721 5188 PlugPlay - ok 15:18:35.0737 5188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:18:35.0737 5188 PNRPAutoReg - ok 15:18:35.0768 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:18:35.0768 5188 PNRPsvc - ok 15:18:35.0799 5188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:18:35.0815 5188 PolicyAgent - ok 15:18:35.0861 5188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:18:35.0861 5188 Power - ok 15:18:35.0893 5188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:18:35.0893 5188 PptpMiniport - ok 15:18:35.0924 5188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 15:18:35.0924 5188 Processor - ok 15:18:35.0955 5188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:18:35.0955 5188 ProfSvc - ok 15:18:35.0971 5188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:18:35.0986 5188 ProtectedStorage - ok 15:18:36.0017 5188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:18:36.0017 5188 Psched - ok 15:18:36.0049 5188 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 15:18:36.0049 5188 PxHlpa64 - ok 15:18:36.0095 5188 [ 
A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:18:36.0111 5188 ql2300 - ok 15:18:36.0111 5188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:18:36.0111 5188 ql40xx - ok 15:18:36.0189 5188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:18:36.0189 5188 QWAVE - ok 15:18:36.0220 5188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:18:36.0220 5188 QWAVEdrv - ok 15:18:36.0220 5188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:18:36.0220 5188 RasAcd - ok 15:18:36.0251 5188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:18:36.0251 5188 RasAgileVpn - ok 15:18:36.0267 5188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:18:36.0267 5188 RasAuto - ok 15:18:36.0298 5188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:18:36.0298 5188 Rasl2tp - ok 15:18:36.0314 5188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:18:36.0329 5188 RasMan - ok 15:18:36.0329 5188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:18:36.0329 5188 RasPppoe - ok 15:18:36.0345 5188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:18:36.0345 5188 RasSstp - ok 15:18:36.0376 5188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:18:36.0376 5188 rdbss - ok 15:18:36.0392 5188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 15:18:36.0392 5188 rdpbus - ok 15:18:36.0423 5188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:18:36.0423 5188 RDPCDD - ok 15:18:36.0439 5188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:18:36.0439 5188 RDPENCDD - ok 15:18:36.0439 
5188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:18:36.0454 5188 RDPREFMP - ok 15:18:36.0470 5188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:18:36.0485 5188 RDPWD - ok 15:18:36.0501 5188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:18:36.0501 5188 rdyboost - ok 15:18:36.0595 5188 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 15:18:36.0626 5188 RegSrvc - ok 15:18:36.0641 5188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:18:36.0657 5188 RemoteAccess - ok 15:18:36.0673 5188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:18:36.0688 5188 RemoteRegistry - ok 15:18:36.0704 5188 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 15:18:36.0704 5188 RFCOMM - ok 15:18:36.0735 5188 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys 15:18:36.0735 5188 rimspci - ok 15:18:36.0751 5188 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys 15:18:36.0751 5188 risdsnpe - ok 15:18:36.0782 5188 [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe 15:18:36.0797 5188 Roxio UPnP Renderer 10 - ok 15:18:36.0813 5188 [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe 15:18:36.0813 5188 Roxio Upnp Server 10 - ok 15:18:36.0829 5188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:18:36.0829 5188 RpcEptMapper - ok 15:18:36.0860 5188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:18:36.0860 5188 RpcLocator - ok 15:18:36.0907 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 
15:18:36.0907 5188 RpcSs - ok 15:18:36.0922 5188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:18:36.0922 5188 rspndr - ok 15:18:36.0953 5188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:18:36.0953 5188 SamSs - ok 15:18:36.0985 5188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:18:36.0985 5188 sbp2port - ok 15:18:37.0000 5188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:18:37.0016 5188 SCardSvr - ok 15:18:37.0047 5188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:18:37.0047 5188 scfilter - ok 15:18:37.0094 5188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:18:37.0125 5188 Schedule - ok 15:18:37.0156 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:18:37.0156 5188 SCPolicySvc - ok 15:18:37.0172 5188 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 15:18:37.0172 5188 sdbus - ok 15:18:37.0219 5188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:18:37.0219 5188 SDRSVC - ok 15:18:37.0250 5188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:18:37.0250 5188 secdrv - ok 15:18:37.0250 5188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:18:37.0265 5188 seclogon - ok 15:18:37.0281 5188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:18:37.0281 5188 SENS - ok 15:18:37.0297 5188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:18:37.0297 5188 SensrSvc - ok 15:18:37.0312 5188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 15:18:37.0312 5188 Serenum - ok 15:18:37.0312 5188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 15:18:37.0312 5188 Serial - ok 
15:18:37.0328 5188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:18:37.0328 5188 sermouse - ok 15:18:37.0375 5188 [ AAC24421FC74D612A7169C4D4A61B48C ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 15:18:37.0375 5188 ServiceLayer - ok 15:18:37.0421 5188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:18:37.0421 5188 SessionEnv - ok 15:18:37.0437 5188 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\drivers\SFEP.sys 15:18:37.0437 5188 SFEP - ok 15:18:37.0468 5188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:18:37.0468 5188 sffdisk - ok 15:18:37.0484 5188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:18:37.0484 5188 sffp_mmc - ok 15:18:37.0499 5188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:18:37.0499 5188 sffp_sd - ok 15:18:37.0515 5188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:18:37.0515 5188 sfloppy - ok 15:18:37.0562 5188 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:18:37.0577 5188 SharedAccess - ok 15:18:37.0609 5188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:18:37.0624 5188 ShellHWDetection - ok 15:18:37.0640 5188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:18:37.0640 5188 SiSRaid2 - ok 15:18:37.0640 5188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:18:37.0655 5188 SiSRaid4 - ok 15:18:37.0749 5188 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:18:37.0749 5188 SkypeUpdate - ok 15:18:37.0780 5188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:18:37.0780 5188 Smb - ok 15:18:37.0811 5188 [ 
6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:18:37.0811 5188 SNMPTRAP - ok 15:18:37.0889 5188 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 15:18:37.0889 5188 SOHCImp - ok 15:18:37.0921 5188 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe 15:18:37.0936 5188 SOHDms - ok 15:18:37.0967 5188 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 15:18:37.0967 5188 SOHDs - ok 15:18:38.0045 5188 [ B8047E776E50FC2384801083A77900E0 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe 15:18:38.0045 5188 SpfService - ok 15:18:38.0077 5188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:18:38.0077 5188 spldr - ok 15:18:38.0123 5188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:18:38.0139 5188 Spooler - ok 15:18:38.0248 5188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:18:38.0357 5188 sppsvc - ok 15:18:38.0389 5188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:18:38.0389 5188 sppuinotify - ok 15:18:38.0435 5188 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:18:38.0451 5188 srv - ok 15:18:38.0467 5188 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:18:38.0467 5188 srv2 - ok 15:18:38.0482 5188 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:18:38.0498 5188 srvnet - ok 15:18:38.0545 5188 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 15:18:38.0545 5188 ssadbus - ok 15:18:38.0576 5188 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 15:18:38.0576 5188 ssadmdfl - ok 15:18:38.0591 5188 [ 
4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 15:18:38.0591 5188 ssadmdm - ok 15:18:38.0638 5188 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 15:18:38.0638 5188 ssadserd - ok 15:18:38.0669 5188 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:18:38.0685 5188 SSDPSRV - ok 15:18:38.0701 5188 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:18:38.0701 5188 SstpSvc - ok 15:18:38.0732 5188 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:18:38.0732 5188 stexstor - ok 15:18:38.0779 5188 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:18:38.0794 5188 stisvc - ok 15:18:38.0841 5188 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:18:38.0841 5188 swenum - ok 15:18:38.0872 5188 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:18:38.0888 5188 swprv - ok 15:18:38.0966 5188 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:18:39.0013 5188 SysMain - ok 15:18:39.0059 5188 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:18:39.0059 5188 TabletInputService - ok 15:18:39.0106 5188 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:18:39.0106 5188 TapiSrv - ok 15:18:39.0122 5188 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:18:39.0122 5188 TBS - ok 15:18:39.0200 5188 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:18:39.0200 5188 Tcpip - ok 15:18:39.0262 5188 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:18:39.0262 5188 TCPIP6 - ok 15:18:39.0309 5188 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:18:39.0309 5188 tcpipreg - ok 15:18:39.0340 5188 [ 
3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:18:39.0340 5188 TDPIPE - ok 15:18:39.0371 5188 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:18:39.0371 5188 TDTCP - ok 15:18:39.0403 5188 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:18:39.0403 5188 tdx - ok 15:18:39.0543 5188 [ 851C5080261DFC1FCDC21DF0E5EA3BCB ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 15:18:39.0637 5188 TeamViewer8 - ok 15:18:39.0668 5188 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:18:39.0668 5188 TermDD - ok 15:18:39.0699 5188 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:18:39.0699 5188 TermService - ok 15:18:39.0730 5188 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:18:39.0730 5188 Themes - ok 15:18:39.0746 5188 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:18:39.0746 5188 THREADORDER - ok 15:18:39.0761 5188 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:18:39.0761 5188 TrkWks - ok 15:18:39.0808 5188 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:18:39.0824 5188 TrustedInstaller - ok 15:18:39.0871 5188 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:18:39.0871 5188 tssecsrv - ok 15:18:39.0871 5188 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:18:39.0886 5188 TsUsbFlt - ok 15:18:40.0011 5188 [ DD296C78B0D2C3F5E42DC0D2972CD992 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe 15:18:40.0073 5188 TuneUp.UtilitiesSvc - ok 15:18:40.0105 5188 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 15:18:40.0105 5188 
TuneUpUtilitiesDrv - ok 15:18:40.0151 5188 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:18:40.0151 5188 tunnel - ok 15:18:40.0183 5188 [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW64 C:\Windows\system32\DRIVERS\TVICHW64.SYS 15:18:40.0183 5188 TVICHW64 - ok 15:18:40.0214 5188 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:18:40.0214 5188 uagp35 - ok 15:18:40.0245 5188 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 15:18:40.0261 5188 uCamMonitor - ok 15:18:40.0292 5188 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:18:40.0307 5188 udfs - ok 15:18:40.0354 5188 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:18:40.0354 5188 UI0Detect - ok 15:18:40.0370 5188 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:18:40.0370 5188 uliagpkx - ok 15:18:40.0401 5188 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:18:40.0401 5188 umbus - ok 15:18:40.0417 5188 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 15:18:40.0417 5188 UmPass - ok 15:18:40.0448 5188 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:18:40.0463 5188 upnphost - ok 15:18:40.0495 5188 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 15:18:40.0495 5188 upperdev - ok 15:18:40.0526 5188 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:18:40.0526 5188 usbccgp - ok 15:18:40.0557 5188 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:18:40.0557 5188 usbcir - ok 15:18:40.0588 5188 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 15:18:40.0604 5188 usbehci - ok 15:18:40.0619 5188 [ 
287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:18:40.0619 5188 usbhub - ok 15:18:40.0651 5188 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:18:40.0651 5188 usbohci - ok 15:18:40.0666 5188 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 15:18:40.0666 5188 usbprint - ok 15:18:40.0697 5188 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 15:18:40.0697 5188 UsbserFilt - ok 15:18:40.0729 5188 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:18:40.0729 5188 USBSTOR - ok 15:18:40.0744 5188 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:18:40.0744 5188 usbuhci - ok 15:18:40.0760 5188 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 15:18:40.0760 5188 usbvideo - ok 15:18:40.0791 5188 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:18:40.0791 5188 UxSms - ok 15:18:40.0822 5188 [ 8E68E4AA2D7ABBF7C9159D9D2A38AE0F ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe 15:18:40.0838 5188 VAIO Entertainment TV Device Arbitration Service - ok 15:18:40.0885 5188 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe 15:18:40.0900 5188 VAIO Event Service - ok 15:18:40.0978 5188 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 15:18:40.0994 5188 VAIO Power Management - ok 15:18:41.0025 5188 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:18:41.0025 5188 VaultSvc - ok 15:18:41.0087 5188 [ 6888526AEB8DDABDE6F778FD40FC0693 ] VCFw C:\Program Files (x86)\Common Files\Sony 
Shared\VAIO Content Folder Watcher\VCFw.exe 15:18:41.0103 5188 VCFw - ok
15:18:44.0036 5188 ============================================================
15:18:44.0036 5188 Scan finished
15:18:44.0036 5188 ============================================================
15:18:44.0051 6576 Detected object count: 0
15:18:44.0051 6576 Actual detected object count: 0 |
12.02.2013, 15:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | external hard drive only shows shortcuts
Nothing suspicious so far.
adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL, please:
__________________ Please always post log files in CODE tags |
12.02.2013, 16:17 | #11 |
| external hard drive only shows shortcuts
Code:
ATTFilter # AdwCleaner v2.112 - Datei am 12/02/2013 um 15:23:35 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Christoph - GSTREIN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Christoph\Downloads\adwcleaner0.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\CHRIST~1\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\bprotector_prefs.js Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\searchplugins\Web Search.xml Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\Christoph\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Christoph\AppData\Local\Savings Sidekick Ordner Gelöscht : C:\Users\Christoph\AppData\Local\Smartbar Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\AVG Security Toolbar Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\ConduitEngine Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\Conduit Ordner Gelöscht : 
C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\ConduitCommon Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\CT2269050 Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\CT3227983 Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\extensions\{72cabc40-64b2-46ed-8648-26d831761150} Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\extensions\crossriderapp5060@crossrider.com Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\extensions\helperbar@helperbar.com Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\Smartbar Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick Schlüssel Gelöscht : 
HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Cr_Installer Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\SmartbarBackup Schlüssel Gelöscht : HKCU\Software\SmartbarLog Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel 
Gelöscht : HKCU\Software\52ede8db73aef12 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\conduitEngine Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{31701199-BE5A-46A5-B865-F6F792F6AD39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\52ede8db73aef12 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31701199-BE5A-46A5-B865-F6F792F6AD39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A61648C-7856-49D9-BA54-2958765D5F4E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DB115FA-4696-4205-BD63-3B24CB693CA2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49A2C20F-0CCD-4E33-9103-61EDCF9F424E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=1aa5792a-8261-4313-9ef0-398a337ce2b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\6turdhjb.default\prefs.js Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.AppTrackingLastCheckTime", "Tue Jul 31 2012 20:37:12 GMT+0200"); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129568601980692121", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "12-2-2013"); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Feb 11 2013 18:49:00 GMT+0100"); Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Dec 12 2012 08:44:49 GMT+0100"); Gelöscht : user_pref("CT2269050.FirstServerDate", "28-6-2010"); Gelöscht : user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT2269050.Initialize", true); 
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2269050.InstalledDate", "Mon Jun 28 2010 12:56:29 GMT+0200"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true); Gelöscht : user_pref("CT2269050.IsGrouping", false); Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Feb 11 2013 18:48:57 GMT+0100"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2269050.LastLogin_2.5.8.6", "Sun Jul 25 2010 14:02:45 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Thu Aug 19 2010 04:01:09 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Mar 23 2011 18:33:17 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.10.0.1", "Mon Apr 23 2012 20:39:18 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 01:16:19 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Sun Jun 03 2012 10:25:52 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 11:26:07 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Sun Aug 26 2012 13:10:18 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Sun Nov 18 2012 14:16:18 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.100", "Sat Feb 09 2013 14:44:24 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Tue Jan 01 2013 13:54:18 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.18.0.7", "Tue Feb 12 2013 10:34:47 GMT+0100"); Gelöscht : 
user_pref("CT2269050.LastLogin_3.3.2.1", "Tue Mar 29 2011 07:08:01 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.3.3.2", "Wed Jul 06 2011 23:24:59 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.5.0.12", "Tue Aug 16 2011 21:19:13 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.6.0.10", "Wed Sep 28 2011 21:48:41 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.7.0.6", "Tue Nov 08 2011 06:11:43 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.8.0.8", "Thu Dec 08 2011 10:58:24 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.8.1.0", "Mon Jan 16 2012 22:22:33 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.9.0.3", "Thu Feb 16 2012 23:16:47 GMT+0100"); Gelöscht : user_pref("CT2269050.LatestVersion", "3.18.0.7"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.LoginCache", 4); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Tue Dec 11 2012 20:30:14 GMT+0100"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2269050.SavedHomepage", 
"resource:/browserconfig.properties"); Gelöscht : user_pref("CT2269050.SearchBoxWidth", 150); Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "Google"); Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Feb 11 2013 18:48:56 GMT+0100"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gelöscht : user_pref("CT2269050.SearchProtectorEnabled", false); Gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Feb 11 2013 18:48:57 GMT+0100"); Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Feb 12 2013 10:34:46 GMT+0100"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1360653676"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Dec 10 2012 06:56:27 GMT+0100"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997"); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Gelöscht : user_pref("CT2269050.UserID", "UN29205443683288396"); Gelöscht : user_pref("CT2269050.ValidationData_Search", 1); Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Dec 12 2012 08:44:50 GMT+0100"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "2423"); Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6C6D716C6E747475"); Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747372737772747A7A7B242F4B4947[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj0j@l@ka$nn", "247E61393F236B25707879742A212C6E414F444[...] Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj0j@l@ka$q?", "247E61393F236B256F78777A2A212C6E414F444[...] 
Gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...] Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "3A6E3B6E406D72457A447445724877484A4C7D217D"); Gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C6D716C6E747474787273"); Gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A"); Gelöscht : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D"); Gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E"); Gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443"); Gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D"); Gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Gelöscht : user_pref("CT2269050.backendstorage.autocompletepro_enable", "31"); Gelöscht : user_pref("CT2269050.backendstorage.autocompletepro_enable_auto", "31"); Gelöscht : user_pref("CT2269050.backendstorage.cb_experience_000", "34353834"); Gelöscht : user_pref("CT2269050.backendstorage.cb_firstuse0100", "31"); Gelöscht : user_pref("CT2269050.backendstorage.cb_user_id_000", "43423732393431333535353434385F46697265666F78")[...] Gelöscht : user_pref("CT2269050.backendstorage.cbcountry_000", "4154"); Gelöscht : user_pref("CT2269050.backendstorage.cbcountry_001", "4154"); Gelöscht : user_pref("CT2269050.backendstorage.cbfirsttime", "5475652044656320323020323031312030373A34323A35372[...] Gelöscht : user_pref("CT2269050.backendstorage.cbopenmamsettings", "30"); Gelöscht : user_pref("CT2269050.backendstorage.ct2269050ads1", "25374225323261647325323225334125354225374225323[...] 
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050current_term", ""); Gelöscht : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365"); Gelöscht : user_pref("CT2269050.backendstorage.ct2269050sdate", "2D31"); Gelöscht : user_pref("CT2269050.backendstorage.facebook_mode", "32"); Gelöscht : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...] Gelöscht : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...] Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "547565204F637420313620323031322032313A[...] Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "61757374726961"); Gelöscht : user_pref("CT2269050.backendstorage.url_history", "687474703A2F2F7777772E766961676F676F2E64652F66636[...] Gelöscht : user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C6561647365727[...] Gelöscht : user_pref("CT2269050.backendstorage.youtubelang", "4445"); Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true); Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sun Dec 09 2012 07:57:36 GMT+0100"); Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2269050.initDone", true); Gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", false); Gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false); Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] 
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...] Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true); Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2269050.testingCtid", ""); Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Feb 11 2013 18:48:57 GMT+0100"); Gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Dec 03 2012 20:23:41 GMT+0100"); Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CT2269050.usagesFlag", 2); Gelöscht : user_pref("CT3227983.1000082.isPlayDisplay", "true"); Gelöscht : user_pref("CT3227983.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Gelöscht : user_pref("CT3227983.1000234.TWC_TMP_city", "VIENNA"); Gelöscht : user_pref("CT3227983.1000234.TWC_TMP_country", "AT"); Gelöscht : user_pref("CT3227983.1000234.TWC_country", "AUSTRIA"); Gelöscht : user_pref("CT3227983.1000234.TWC_locId", "AUXX0025"); Gelöscht : user_pref("CT3227983.1000234.TWC_location", "Vienna, Austria"); Gelöscht : user_pref("CT3227983.1000234.TWC_region", "OT"); Gelöscht : user_pref("CT3227983.1000234.TWC_temp_dis", "c"); Gelöscht : user_pref("CT3227983.1000234.TWC_wind_dis", "kmh"); Gelöscht : user_pref("CT3227983.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"-1°C\",\"tempera[...] Gelöscht : user_pref("CT3227983.CBOpenMAMSettings.enc", "MA=="); Gelöscht : user_pref("CT3227983.CT3227983ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzcwMzglMj[...] 
Gelöscht : user_pref("CT3227983.CT3227983current_term.enc", ""); Gelöscht : user_pref("CT3227983.CT3227983sdate.enc", "MTI="); Gelöscht : user_pref("CT3227983.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3227983.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gelöscht : user_pref("CT3227983.FirstTime", "true"); Gelöscht : user_pref("CT3227983.FirstTimeFF3", "true"); Gelöscht : user_pref("CT3227983.LoginRevertSettingsEnabled", true); Gelöscht : user_pref("CT3227983.PG_ENABLE", "dHJ1ZQ=="); Gelöscht : user_pref("CT3227983.RevertSettingsEnabled", true); Gelöscht : user_pref("CT3227983.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...] Gelöscht : user_pref("CT3227983.UserID", "UN31433549801422416"); Gelöscht : user_pref("CT3227983.addressBarTakeOverEnabledInHidden", "true"); Gelöscht : user_pref("CT3227983.bDay_InstallDate.enc", "MTItMQ=="); Gelöscht : user_pref("CT3227983.bDay_InstallFromToolbar.enc", "eWVz"); Gelöscht : user_pref("CT3227983.browser.search.defaultthis.engineName", true); Gelöscht : user_pref("CT3227983.cb_experience_000.enc", "Mzc="); Gelöscht : user_pref("CT3227983.cb_firstuse0100.enc", "MQ=="); Gelöscht : user_pref("CT3227983.cb_user_id_000.enc", "Q0I4MzAwMDgyMjg5MzhfMTM2MDA5OTk3MzM0NV9GaXJlZm94"); Gelöscht : user_pref("CT3227983.cbcountry_001.enc", "QVQ="); Gelöscht : user_pref("CT3227983.cbfirsttime.enc", "U3VuIEZlYiAwMyAyMDEzIDE0OjM0OjIzIEdNVCswMTAw"); Gelöscht : user_pref("CT3227983.embeddedsData", "[{\"appId\":\"129837883863670482\",\"apiPermissions\":{\"cross[...] 
Gelöscht : user_pref("CT3227983.enableAlerts", "always"); Gelöscht : user_pref("CT3227983.enableFix404ByUser", "FALSE"); Gelöscht : user_pref("CT3227983.firstTimeDialogOpened", "true"); Gelöscht : user_pref("CT3227983.fixPageNotFoundErrorByUser", "TRUE"); Gelöscht : user_pref("CT3227983.fixPageNotFoundErrorInHidden", "true"); Gelöscht : user_pref("CT3227983.fixUrls", true); Gelöscht : user_pref("CT3227983.homepageuserchanged", true); Gelöscht : user_pref("CT3227983.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...] Gelöscht : user_pref("CT3227983.installType", "Unknown"); Gelöscht : user_pref("CT3227983.isCheckedStartAsHidden", true); Gelöscht : user_pref("CT3227983.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3227983.isFirstTimeToolbarLoading", "false"); Gelöscht : user_pref("CT3227983.isPerformedSmartBarTransition", "true"); Gelöscht : user_pref("CT3227983.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gelöscht : user_pref("CT3227983.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3227983.keyword", true); Gelöscht : user_pref("CT3227983.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Gelöscht : user_pref("CT3227983.lastVersion", "10.14.40.128"); Gelöscht : user_pref("CT3227983.migrateAppsAndComponents", true); Gelöscht : user_pref("CT3227983.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...] Gelöscht : user_pref("CT3227983.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\[...] 
Gelöscht : user_pref("CT3227983.price-gong.isManagedApp", "true"); Gelöscht : user_pref("CT3227983.revertSettingsEnabled", "false"); Gelöscht : user_pref("CT3227983.search.searchAppId", "129837883863670482"); Gelöscht : user_pref("CT3227983.search.searchCount", "0"); Gelöscht : user_pref("CT3227983.searchInNewTabEnabledByUser", "true"); Gelöscht : user_pref("CT3227983.searchInNewTabEnabledInHidden", "true"); Gelöscht : user_pref("CT3227983.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3227983.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Gelöscht : user_pref("CT3227983.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gelöscht : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gelöscht : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] 
Gelöscht : user_pref("CT3227983.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359898459186"); Gelöscht : user_pref("CT3227983.serviceLayer_services_appsMetadata_lastUpdate", "1360664123577"); Gelöscht : user_pref("CT3227983.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359898458902"); Gelöscht : user_pref("CT3227983.serviceLayer_services_login_10.14.40.128_lastUpdate", "1360664247728"); Gelöscht : user_pref("CT3227983.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359898458838"); Gelöscht : user_pref("CT3227983.serviceLayer_services_searchAPI_lastUpdate", "1360605432359"); Gelöscht : user_pref("CT3227983.serviceLayer_services_serviceMap_lastUpdate", "1360605422583"); Gelöscht : user_pref("CT3227983.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359898458937"); Gelöscht : user_pref("CT3227983.serviceLayer_services_toolbarSettings_lastUpdate", "1360664123625"); Gelöscht : user_pref("CT3227983.serviceLayer_services_translation_lastUpdate", "1360605422577"); Gelöscht : user_pref("CT3227983.settingsINI", true); Gelöscht : user_pref("CT3227983.smartbar.CTID", "CT3227983"); Gelöscht : user_pref("CT3227983.smartbar.Uninstall", "0"); Gelöscht : user_pref("CT3227983.smartbar.homepage", true); Gelöscht : user_pref("CT3227983.smartbar.toolbarName", "appbario9 "); Gelöscht : user_pref("CT3227983.toolbarBornServerTime", "3-2-2013"); Gelöscht : user_pref("CT3227983.toolbarCurrentServerTime", "12-2-2013"); Gelöscht : user_pref("CT3227983.url_history0001.enc", "aHR0cDovL3d3dy50cm9qYW5lci1ib2FyZC5kZS83MjYyMy1lcmlubmVy[...] Gelöscht : user_pref("CT3227983_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Gelöscht : user_pref("CT3244149.autoDisableScopes", -1); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/AT", "\"0\"")[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"599[...] Gelöscht : user_pref("CommunityToolbar.EngineOwner", ""); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb"); Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false); Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Christoph\\AppData\\Roaming\\Mozill[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3"); Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v213/gadget.html", "[...] Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac7[...] Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 23 2011 22:38:11 GMT+01[...] 
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jul 06 2011 21:56:19 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jul 06 2011 21:56:11 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "ab4d5d81-94c7-4e7f-b99c-fb76ca680efa"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Dec 29 2010 08:44:05 GMT+0100"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "97aef459-bbae-46ad-aabd-8ab608bd2ac6"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.killedEngine", true); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Dec 10 2012 20:23:4[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 11 2012 20:30:22 GMT+010[...] 
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 11 2012 20:30:15 GMT+0100"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "54562c8d-4a08-4e7d-afc1-28126d14b429"); Gelöscht : user_pref("CommunityToolbar.undefined", ""); Gelöscht : user_pref("Smartbar.ConduitHomepagesList", ""); Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "appbario9 Customized Web Search"); Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227983[...] Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...] Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3227983"); Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...] 
Gelöscht : user_pref("browser.search.order.1", "appbario9 Customized Web Search"); Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000"); Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Gelöscht : user_pref("extensions.asktb.cbid", "U3"); Gelöscht : user_pref("extensions.asktb.config-updated", false); Gelöscht : user_pref("extensions.asktb.crumb", "2012.03.26+22.42.24-toolbar004iad-AT-Vmllbm5hLEF1c3RyaWE%3D"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...] Gelöscht : user_pref("extensions.asktb.displaybehavior", ""); Gelöscht : user_pref("extensions.asktb.displaytext", ""); Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYAT"); Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "AUXX0025"); Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "chrome://browser-region/locale/region.propert[...] Gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true); Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] 
Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1334929075930"); Gelöscht : user_pref("extensions.asktb.last-v", "3.14.1.100009"); Gelöscht : user_pref("extensions.asktb.locale", "de_US"); Gelöscht : user_pref("extensions.asktb.location", "Vienna,Austria"); Gelöscht : user_pref("extensions.asktb.lstation", ""); Gelöscht : user_pref("extensions.asktb.news-native-on", true); Gelöscht : user_pref("extensions.asktb.o", "100000027"); Gelöscht : user_pref("extensions.asktb.pstate", ""); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Gelöscht : user_pref("extensions.asktb.socialmini-first", true); Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000"); Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30"); Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); Gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000"); Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false); Gelöscht : user_pref("extensions.asktb.to", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true); Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1347944017); Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.active", true); Gelöscht : user_pref("extensions.crossriderapp5060.5060.addressbar", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7); Gelöscht : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true); Gelöscht : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.changeprevious", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1347944017"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1347944017"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Dec 04 2012 07:[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Mon Dec 10 2012 [...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22AT%22"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1354602850"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1347944145540"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2283531%22"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1347944116854"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.domain", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.enablesearch", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.group", 0); Gelöscht : user_pref("extensions.crossriderapp5060.5060.homepage", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.iframe", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "38"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Dec 04[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.manifesturl", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.newtab", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.opensearch", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "if((typeof isBackground===\"u[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 4); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...] Gelöscht : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] 
Gelöscht : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 16); Gelöscht : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps"); Gelöscht : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0); Gelöscht : user_pref("extensions.crossriderapp5060.5060.setnewtab", false); Gelöscht : user_pref("extensions.crossriderapp5060.5060.settingsurl", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.thankyou", ""); Gelöscht : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360); Gelöscht : user_pref("extensions.crossriderapp5060.5060.ver", 38); Gelöscht : user_pref("extensions.crossriderapp5060.adsOldValue", -1); Gelöscht : user_pref("extensions.crossriderapp5060.apps", "5060"); Gelöscht : user_pref("extensions.crossriderapp5060.bic", "139d7bacaa35020587bb7d9c2edb382f"); Gelöscht : user_pref("extensions.crossriderapp5060.cid", 5060); Gelöscht : user_pref("extensions.crossriderapp5060.firstrun", false); Gelöscht : user_pref("extensions.crossriderapp5060.hadappinstalled", true); Gelöscht : user_pref("extensions.crossriderapp5060.installationdate", 1347944107); Gelöscht : user_pref("extensions.crossriderapp5060.lastcheck", 22576713); Gelöscht : user_pref("extensions.crossriderapp5060.lastcheckitem", 22576722); Gelöscht : user_pref("extensions.crossriderapp5060.modetype", "production"); Gelöscht : user_pref("extensions.crossriderapp5060.reportInstall", true); Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227983&SearchSource=2&CU[...] Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13[...] Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...] 
Gelöscht : user_pref("smartbar.machineId", "I9DYJMUWDWXRKXRHRQ92XPV7PVOESVOBYVQUGGWSDKGLOPTETQ3EVHAHCKGPSYWU/ZT[...]
Gelöscht : user_pref("smartbar.originalHomepage", "");
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [69718 octets] - [12/02/2013 15:23:35]

########## EOF - C:\AdwCleaner[S1].txt - [69779 octets] ##########

Code:
OTL logfile created on: 12.02.2013 16:19:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 77,10% Memory free
15,96 Gb Paging File | 14,02 Gb Available in Paging File | 87,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,20 Gb Total Space | 335,63 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 32,78 Gb Free Space | 14,08% Space Free | Partition Type: FAT32

Computer Name: GSTREIN | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christoph\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5cf050c8bbcaba774c993810252f5fd7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) 
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{1F0FFB3B-895F-4429-AB35-94C5631A97BA}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{4D50B881-A1DB-45F6-A99D-0A2853EECD07}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deAT386AT386 IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEC_deAT386AT386 IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{A630525F-DBF0-481B-B4C7-D943151A554B}: "URL" = hxxp://at.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_at&p={searchTerms} IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{A6977A65-EDC2-45BE-81D6-97E8744B7EC4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=F9A714E2-A155-422F-A2D2-87F26FBBDE47&apn_sauid=E83ED89D-939E-417B-A528-2A24977CE9B7 IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{FADC1756-2054-4794-9B68-514DFA1CF8CD}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.orf.at" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - 
prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.09 14:59:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.09 14:59:46 | 000,000,000 | ---D | M] [2010.06.28 11:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2013.02.12 15:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions [2012.12.11 20:51:47 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\6turdhjb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.12.11 20:36:12 | 000,036,098 | ---- | M] 
() (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.03 14:35:17 | 000,001,074 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\searchplugins\appbario9-customized-web-search.xml [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.02.09 14:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.02.09 14:59:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.04 09:54:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:33:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.04 09:54:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.04 09:54:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.04 09:54:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.04 09:54:34 | 
000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B90F8CB0-7349-4503-BEA0-3BFB0CC730B9}: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB8C9484-BDD0-485F-9085-847F9BF303D0}: DhcpNameServer = 10.10.11.11 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID 
value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.08 16:45:32 | 000,000,000 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk /r \??\D:) O34 - HKLM BootExecute: (autocheck autochk /r \??\D:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.12 15:17:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe [2013.02.12 14:41:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe [2013.02.12 14:27:44 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\mbar-1.01.0.1020 [2013.02.11 20:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.02.11 19:27:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes [2013.02.11 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.11 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.11 19:27:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.11 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.10 14:56:47 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\OneNote-Notizbücher [2013.02.09 17:23:36 | 000,000,000 | ---D | C] -- C:\NEU [2013.02.09 15:47:16 | 
000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2013.02.09 15:47:16 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2013.02.09 15:47:16 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2013.02.09 15:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2013.02.09 15:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013.02.09 15:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013.02.09 14:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.05 22:48:34 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013.02.05 22:48:34 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013.02.05 22:48:34 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2013.02.03 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.02.03 14:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.24 00:03:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\My Videos [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.12 16:15:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.12 16:00:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.12 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.12 15:33:01 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 15:33:01 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 15:30:37 | 001,507,406 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2013.02.12 15:30:37 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.12 15:30:37 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.12 15:30:37 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.12 15:30:37 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.12 15:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.12 15:25:29 | 2133,381,119 | -HS- | M] () -- C:\hiberfil.sys [2013.02.12 15:24:09 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.02.12 15:17:52 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe [2013.02.12 14:57:57 | 000,000,512 | ---- | M] () -- C:\Users\Christoph\Desktop\MBR.dat [2013.02.12 14:42:43 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe [2013.02.12 14:26:41 | 013,711,621 | ---- | M] () -- C:\Users\Christoph\Desktop\mbar-1.01.0.1020.zip [2013.02.12 01:34:52 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\AppData\Local\prvlcl.dat [2013.02.11 20:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.02.11 19:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 14:56:47 | 000,001,356 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2013.02.09 15:47:13 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2013.02.09 15:47:13 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013.02.08 07:53:34 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.08 07:53:34 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.03 14:27:51 | 000,000,981 | ---- | M] 
() -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.01.23 22:14:53 | 000,002,006 | ---- | M] () -- C:\Users\Christoph\Desktop\Samsung Kies (Lite).lnk [2013.01.15 16:56:10 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.01.15 16:56:07 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.15 16:53:05 | 000,158,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013.01.15 16:53:01 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013.01.15 16:52:55 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2013.01.14 20:26:34 | 000,440,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.12 15:24:00 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.02.12 14:57:57 | 000,000,512 | ---- | C] () -- C:\Users\Christoph\Desktop\MBR.dat [2013.02.12 14:26:26 | 013,711,621 | ---- | C] () -- C:\Users\Christoph\Desktop\mbar-1.01.0.1020.zip [2013.02.11 20:09:16 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.02.11 19:27:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 14:56:47 | 000,001,356 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2013.02.09 15:47:13 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2013.02.09 15:47:13 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013.02.09 15:47:12 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2013.02.08 07:57:21 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.01.23 
22:14:53 | 000,002,006 | ---- | C] () -- C:\Users\Christoph\Desktop\Samsung Kies (Lite).lnk [2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.01.21 14:02:39 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Local\{B28E6F89-473C-45D8-BCB7-B4D7DB57AE42} [2011.04.25 19:51:38 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.25 18:58:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.04.25 18:43:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.30 13:00:39 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Local\prvlcl.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | 
M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > |
12.02.2013, 16:28 | #12 |
| External hard drive only shows shortcuts
Code:
OTL Extras logfile created on: 12.02.2013 16:19:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 77,10% Memory free
15,96 Gb Paging File | 14,02 Gb Available in Paging File | 87,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,20 Gb Total Space | 335,63 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 32,78 Gb Free Space | 14,08% Space Free | Partition Type: FAT32
Computer Name: GSTREIN | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0548CA29-25EE-423F-AE8A-58AB1FDDF616}" = lport=2869 | protocol=6 | dir=in | app=system | "{0C58CBE9-0A3C-4BF7-8F97-AEB17D65F5FE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{24F4AB9A-DD89-4901-BA17-5D577D5577DD}" = lport=137 | protocol=17 | dir=in | app=system | "{32A9F80E-3FE3-4DB6-9E0E-4399EBDC5E3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A43C3ED-CF3C-46AC-AB95-3310D81C7C7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3CACEA92-A471-4FA1-987C-7833FB908AD9}" = rport=10243 | protocol=6 | dir=out | app=system | "{3FB4B256-8084-47E1-A7B8-8195B7783B01}" = lport=10243 | protocol=6 | dir=in | app=system | "{4D6189F2-E174-4849-9448-428B320DC15A}" = lport=139 | protocol=6 | dir=in | app=system | "{5312B66A-1025-4E73-BAE1-0FAE3B7DD619}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59CE0357-8F77-480E-B429-5D65B68C2296}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{678D22E2-E649-4DCD-BD33-51379669EFD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B154033-A3EB-4D44-A6F5-830A0B665EBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6E424307-EA71-4AE7-A09F-54C3DD48EF45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7268AF62-CCD0-427E-932C-81421BBEBEB1}" = rport=138 | protocol=17 | dir=out | app=system | "{8CDCCBC4-DFFF-4126-81B8-E017E1AFF250}" = lport=138 | protocol=17 | dir=in | app=system | "{95E7362A-D71F-43CE-BD19-996FEB56C7F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97A97EF2-06AA-4C2A-AE02-D1B862175C54}" = rport=139 | protocol=6 | dir=out | app=system | "{A2417BA6-0C28-45DF-89BE-826E4DD912B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B4005E90-5BD7-443A-A033-B99CFB2C7D28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E48500D9-B13E-45E3-9B99-9F3DA952F8FD}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5C85D36-698B-41BE-8146-3C7469437960}" = rport=445 | protocol=6 | dir=out | app=system | "{E7823E8E-8EA4-4A04-B1BB-082B2129E7D8}" = lport=445 | protocol=6 | dir=in | app=system | "{E9211B9D-A173-4D5A-8888-7E55336A2A7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1B65FCE-BAB0-42BF-91FC-75A83B0EA3EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3028361-2E90-458F-BF80-D9804F17D147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0539ED24-8303-456F-8C8D-E1CA5F2D689C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{06CB3866-CC05-4705-915A-3009900D1287}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{17FA086F-8B27-4A36-B47D-67610EBE1800}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1C81703D-8306-4188-AFB9-A8EBF3D063EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1D68F48C-81C0-45F5-AD05-852B2074DC39}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2CE2DE73-DB99-485A-AA2F-C5D0D58BEA37}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{2F75563B-51E6-4A5C-9EF2-32AC206358B6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{379690FE-B304-4A5C-9978-6016B0D7B88B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{39622051-0B1B-44AD-BB97-F5A795AE2FFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{430F2C9F-4BA4-45B0-B9F5-0503A1B111AF}" = protocol=17 | dir=in | 
app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{4EC78BBB-D04C-4F51-AE25-AD9B679D41A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{56DC3A77-1AA4-4AC5-B8FE-38A8AF0F3DB0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{5A4E18A7-0287-4637-B1B7-E148A48335C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5DED11C7-4CCF-4DE8-9E70-43DFF76C6819}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{608206D9-2A3C-4969-A0AB-6E1A439F792A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6133DF89-0D09-49E6-A595-39D9630569DC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{6429BD4C-A3D2-43D0-9F03-DE19979C7EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{6583CD53-8A89-4EE0-8347-336EEB1656AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{6B0E2DCC-DE87-4500-A48F-CDFB961D63FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{89C3723B-1940-4162-8E68-5EA8A631723F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{93D6287F-2DB7-47CC-9CE7-C2689BC9C627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BB9B5A9-4F84-492E-B10E-16811FA465A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{A00A3A64-AC17-4D70-BA03-5D5DC2D3194B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1646D59-FC5C-4B91-B505-91AC906E882A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{A4F7BC85-A635-40A7-90C2-60512A7546EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A60D181C-0E4F-4F5B-8B4C-8A3131E02B31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC6F7838-D057-4968-85E1-A323E62027F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ACCEBD91-5F9E-45E0-9847-BB62BF6832B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AED6D2E1-CC7B-4B8A-A875-BA48B33000DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3DCC080-18F1-440E-B627-64FF116C6D95}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B47BA574-492C-4DD3-92F6-F30E977DD2C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{B5C50CE3-798C-4828-A09B-3AFBAAB9466B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BD4A2348-DB65-49BA-A087-BB48D5BB10A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C19D98EA-24E0-470F-99E7-C8406E282EF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8551DA7-C4D3-4ECB-8496-C965E36F086A}" = protocol=6 | dir=out | app=system | "{CC371B4C-5B58-4D37-85BF-A804122D65D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D39FD94A-1B7E-475B-80B7-11B74D915D40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DDCC60AA-28BD-4164-94E0-ECB7A76CDDBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{E5373401-C4C7-41F3-B8E8-998FF96F2303}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F2D0D02B-97B4-423D-98C9-0A2AB86DAD0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F5BBF956-8CF8-4F7E-849F-9329243D6494}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013 "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64 "{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager "{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB "{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager "{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64 "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DBB823F3-E8BD-4578-9D16-42AF176FD777}" = VAIO Personalization Manager "{E5961659-16A2-47A7-BB7B-7B951F2B0BB3}" = PC Connectivity Solution 64-bit components "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom 
HIDClass (07/28/2009 6.2.0.9800) "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) "AVG" = AVG 2013 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{02CA6DE4-AA3F-4EA0-AF87-792C9BD50560}" = VAIO Content Metadata Intelligent Analyzing Manager "{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform "{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3 "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216030F0}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 39 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide 
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3 "{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE) "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service 
Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) 
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 
Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46C88AD-6239-474A-8690-F9329BD36D7F}" = Remote Play with PlayStation 3 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG PC TuneUp" = AVG PC TuneUp "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Franziskaner Bildschirmschoner_is1" = Franziskaner Bildschirmschoner "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Studio_is1" = Free Studio version 5.0.8 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.5.712 "Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MarketingTools" = VAIO Marketing Tools "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "TeamViewer 8" = TeamViewer 8 "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "WinLiveSuite_Wave3" = Windows Live Essentials ========== 
HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2233728346-3489156974-3767591072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.12.2011 08:23:32 | Computer Name = Gstrein | Source = SampleCollector | ID = 131331 Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 02.01.2012 04:46:54 | Computer Name = Gstrein | Source = MsiInstaller | ID = 11500 Description = Error - 02.01.2012 08:15:45 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:15:52 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:15:54 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:00 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:01 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:03 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 08:16:11 | Computer Name = Gstrein | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.01.2012 11:34:37 | Computer Name = Gstrein | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 9.0.1.4371, Zeitstempel: 0x4ef15e74 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1f5bf644 ID des fehlerhaften Prozesses: 0x14f8 Startzeit der fehlerhaften Anwendung: 0x01ccc95845d52606 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 46997e73-3557-11e1-956b-506313e4e1bb [ OSession Events ] Error - 22.04.2012 14:46:33 | Computer Name = Gstrein | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.02.2013 18:12:44 | Computer Name = Gstrein | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 12.02.2013 05:42:23 | Computer Name = Gstrein | Source = BROWSER | ID = 8032 Description = Error - 12.02.2013 06:58:35 | Computer Name = Gstrein | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?02.?2013 um 11:57:20 unerwartet heruntergefahren. 
Error - 12.02.2013 06:58:36 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.02.2013 06:58:38 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 12.02.2013 06:58:47 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.02.2013 10:24:25 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.02.2013 10:25:32 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.02.2013 10:25:33 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 12.02.2013 10:25:42 | Computer Name = Gstrein | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report > |
12.02.2013, 16:53 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | External hard drive shows only shortcuts
Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{A6977A65-EDC2-45BE-81D6-97E8744B7EC4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=F9A714E2-A155-422F-A2D2-87F26FBBDE47&apn_sauid=E83ED89D-939E-417B-A528-2A24977CE9B7
IE - HKU\S-1-5-21-2233728346-3489156974-3767591072-1000\..\SearchScopes\{FADC1756-2054-4794-9B68-514DFA1CF8CD}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
[2013.02.03 14:35:17 | 000,001,074 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\searchplugins\appbario9-customized-web-search.xml
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - AutoRun File - [2013.02.08 16:45:32 | 000,000,000 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
12.02.2013, 17:00 | #14 |
| External hard drive shows only shortcuts
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2233728346-3489156974-3767591072-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A6977A65-EDC2-45BE-81D6-97E8744B7EC4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6977A65-EDC2-45BE-81D6-97E8744B7EC4}\ not found.
Registry key HKEY_USERS\S-1-5-21-2233728346-3489156974-3767591072-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FADC1756-2054-4794-9B68-514DFA1CF8CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FADC1756-2054-4794-9B68-514DFA1CF8CD}\ not found.
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\6turdhjb.default\searchplugins\appbario9-customized-web-search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
D:\autorun.inf moved successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Christoph\Downloads\cmd.bat deleted successfully.
C:\Users\Christoph\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Christoph
->Temp folder emptied: 348847251 bytes
->Temporary Internet Files folder emptied: 344862106 bytes
->Java cache emptied: 408719 bytes
->FireFox cache emptied: 77425234 bytes
->Flash cache emptied: 928 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4137213 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1684405 bytes
RecycleBin emptied: 6559 bytes

Total Files Cleaned = 741,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02122013_165607

Files\Folders moved on Reboot...
C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF286E3958B664224D.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF4E302929CC98F8A7.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF4F1675C6EC0AE6B8.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF5B954D2F6F247113.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF68E9A38AC361EBE7.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF6DBB7CF7C227AD56.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFAB87D9C8AE277188.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFB5D5DA72E2554C17.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFC6A644616EBC802F.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFE76FFAB31EF60B2A.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
12.02.2013, 17:04 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | External hard drive shows only shortcuts
A new check with OTL, please:
__________________ Please always post log files in CODE tags |