| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965bWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.02.2013, 22:07
| #1 |
| |  HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Guten Abend Vor zwei Tagen hat auf meinem Computer Avira Free Antivirus Alarm geschlagen und den folgenden Virus gemeldet: HTML/ScrInjec.BW.50 gefunden wurde er in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Ich verwende Windows 8. Auf meinem Computer ist aber auch noch Windows 7 installiert (auf einer anderen Festplatte). Meine eigenen Dateien sind auch noch auf zwei Partitionen aufgeteilt (Dateien und Videos/Fotos). Per Google habe ich zu HTML/ScrInjec.BW.50 nichts brauchbares gefunden. Den Virus habe ich danach mit Avira in die Quarantäne verschoben. Danach habe ich ihn noch bei virustotal.com hochgeladen und dann wieder in die Quarantäne versetzt. Bei virustotal haben 4 der 43 Virenscanner angeschlagen. Den Link zum Resultat habe ich leider nicht mehr. Jetzt bin ich mir sehr unsicher, ob der Computer noch infiziertes ist oder nicht. Deshalb habe ich dann einen Fullscan mit Malwarebytes gemacht. Er hat ein infiziertes Objekt gefunden. Soll ich die Log Datei anhängen? Desweiteren habe ich wie gefordert den Scan mit OTL durchgeführt, hier die Resultate: OTL.txt Code:
ATTFilter OTL logfile created on: 19.02.2013 21:32:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\** **\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.92 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.11% Memory free 9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 228.63 Gb Total Space | 157.47 Gb Free Space | 68.88% Space Free | Partition Type: NTFS Drive D: | 117.19 Gb Total Space | 16.22 Gb Free Space | 13.84% Space Free | Partition Type: NTFS Drive F: | 287.99 Gb Total Space | 111.34 Gb Free Space | 38.66% Space Free | Partition Type: NTFS Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS Drive M: | 1.82 Gb Total Space | 1.79 Gb Free Space | 98.01% Space Free | Partition Type: NTFS Computer Name: **S-PC | User Name: ** ** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe PRC - [2013.02.13 14:22:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.13 14:21:35 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.13 14:21:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.07 22:30:02 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\** **\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.01 09:26:44 | 002,024,960 | ---- | M] (Michel Krämer) -- C:\Program Files (x86)\Spamihilator\spamihilator.exe PRC - [2012.12.20 20:31:04 | 000,373,760 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.10.19 00:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2010.08.24 09:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe ========== Modules (No Company Name) ========== MOD - [2013.01.01 09:26:45 | 000,279,040 | ---- | M] () -- C:\Program Files (x86)\Spamihilator\sqlite3.dll MOD - [2013.01.01 09:26:45 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Spamihilator\zlib1.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.05.21 18:14:50 | 000,149,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe -- (msvsmon110) SRV - [2013.02.13 14:22:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.13 14:21:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.09 10:38:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.10.19 00:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.10.08 19:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.06.07 16:24:23 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.01.05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athurx.sys -- (athur) DRV:64bit: - [2009.03.11 20:18:02 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hcw95rc.sys -- (hcw95rc) DRV:64bit: - [2009.03.11 20:16:38 | 000,656,896 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hcw95bda.sys -- (hcw95bda) DRV - [2012.07.26 14:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2012.07.24 10:39:42 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 B7 BC A2 60 EA CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 10:38:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 10:38:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.11.11 14:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.ch/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.ch/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\** **\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - Extension: Google Drive = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Session Manager = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\ CHR - Extension: Turn Off the Lights = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\ CHR - Extension: YouTube = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\ CHR - Extension: Wolfram|Alpha (Official) = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\ CHR - Extension: Download Master = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\2.0.2.0_0\ CHR - Extension: Google Reader = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Google Mail = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH) O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH) O4 - HKCU..\Run: [Spotify] C:\Users\** **\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\** **\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\** **\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E636EAB-DEAB-47B8-9E5D-203EA345D793}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE13D9F8-7CC3-4B02-B657-E6D38F5AAB4F}: DhcpNameServer = 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.19 21:29:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe [2013.02.19 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\MigWiz [2013.02.17 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Malwarebytes [2013.02.17 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.17 18:42:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.17 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Nuance [2013.02.17 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.02.16 22:42:20 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Internet Explorer [2013.02.15 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\** **\Valley [2013.02.15 15:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine [2013.02.15 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine [2013.02.13 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Avira [2013.02.13 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.13 14:25:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.13 14:25:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.13 14:25:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.12 14:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ [2013.02.12 14:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.02.12 14:33:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2013.02.12 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Canon [2013.02.08 11:13:41 | 045,673,536 | ---- | C] (Information Factory AG) -- C:\Users\** **\ptw12.exe [2013.02.07 22:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.01.24 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities [2013.01.24 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2013.01.24 21:07:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.01.24 21:07:29 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.01.24 21:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series [2013.01.24 19:59:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.01.24 19:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.01.24 19:54:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2013.01.24 19:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.01.24 14:35:15 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Private Tax [2013.01.24 14:34:16 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Information Factory [2013.01.24 14:34:16 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\Information Factory [2013.01.24 14:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Tax [2013.01.24 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Private Tax 2012 [2013.01.22 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Batch PDF Decrypt [2013.01.22 22:29:31 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\IsolatedStorage [2013.01.22 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SysTools PDF Unlocker [4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.19 21:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.19 21:30:41 | 000,000,000 | ---- | M] () -- C:\Users\** **\defogger_reenable [2013.02.19 21:28:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.02.19 21:28:56 | 2507,448,319 | -HS- | M] () -- C:\hiberfil.sys [2013.02.19 21:25:34 | 000,374,784 | ---- | M] () -- C:\Users\** **\Desktop\GMER_2.1.18952.exe [2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe [2013.02.19 21:22:42 | 000,050,477 | ---- | M] () -- C:\Users\** **\Desktop\Defogger.exe [2013.02.19 20:35:00 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001UA.job [2013.02.19 18:44:48 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.19 18:44:48 | 000,828,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.19 18:44:48 | 000,774,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.19 18:44:48 | 000,188,018 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.19 18:44:48 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.18 22:35:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001Core.job [2013.02.17 18:42:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.17 09:42:24 | 000,319,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.15 15:58:32 | 001,065,984 | ---- | M] () -- C:\Users\** **\AppData\Local\file__0.localstorage [2013.02.15 15:48:33 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk [2013.02.13 14:25:17 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.08 13:04:25 | 000,089,969 | ---- | M] () -- G:\Eigene Dokumente\tausendfüssler.html [2013.02.08 11:28:48 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk [2013.02.08 11:14:15 | 045,673,536 | ---- | M] (Information Factory AG) -- C:\Users\** **\ptw12.exe [2013.01.29 21:19:56 | 000,004,472 | ---- | M] () -- G:\Eigene Dokumente\testdatabase.odb [2013.01.29 18:31:37 | 000,002,937 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.html [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif [2013.01.29 18:31:36 | 000,000,905 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif [2013.01.29 18:18:36 | 000,030,720 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.pdf [2013.01.24 17:51:41 | 000,001,058 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.22 22:29:24 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Batch PDF Decrypt.lnk [4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.19 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\** **\defogger_reenable [2013.02.19 21:29:37 | 000,374,784 | ---- | C] () -- C:\Users\** **\Desktop\GMER_2.1.18952.exe [2013.02.19 21:29:37 | 000,050,477 | ---- | C] () -- C:\Users\** **\Desktop\Defogger.exe [2013.02.17 18:42:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.17 09:42:21 | 000,319,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.16 20:29:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.02.15 15:49:11 | 001,065,984 | ---- | C] () -- C:\Users\** **\AppData\Local\file__0.localstorage [2013.02.15 15:48:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk [2013.02.13 14:25:17 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.08 13:04:25 | 000,089,969 | ---- | C] () -- G:\Eigene Dokumente\tausendfüssler.html [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif [2013.01.29 18:31:36 | 000,000,905 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif [2013.01.29 18:31:35 | 000,002,937 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.html [2013.01.29 18:18:35 | 000,030,720 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.pdf [2013.01.29 17:59:11 | 000,004,472 | ---- | C] () -- G:\Eigene Dokumente\testdatabase.odb [2013.01.24 21:08:26 | 000,013,056 | ---- | C] () -- C:\Windows\SysWow64\CNC174AD.TBL [2013.01.24 15:39:14 | 000,000,818 | ---- | C] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saison 2013.lnk [2013.01.24 14:27:35 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk [2013.01.22 22:29:24 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Batch PDF Decrypt.lnk [2012.12.22 16:46:13 | 001,882,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.05 16:04:12 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll [2012.11.13 17:49:35 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.11.11 14:06:43 | 000,007,605 | ---- | C] () -- C:\Users\** **\AppData\Local\Resmon.ResmonCfg [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.01.19 13:42:42 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.05 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Apowersoft [2013.01.22 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Batch PDF Decrypt [2013.02.12 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Canon [2013.02.19 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Dropbox [2012.12.19 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\e-academy Inc [2013.01.24 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Information Factory [2013.01.13 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\LyX2.0 [2012.11.20 21:38:42 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Notepad++ [2013.02.17 16:11:21 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Nuance [2012.11.11 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\OpenOffice.org [2013.01.19 12:11:30 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Origin [2013.02.19 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Spamihilator [2013.02.19 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Spotify [2012.12.03 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Steganos [2012.12.21 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Stellarium [2012.11.17 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\TeamViewer [2012.11.11 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.02.2013 21:32:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\** **\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
7.92 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.11% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 157.47 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.22 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 111.34 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive M: | 1.82 Gb Total Space | 1.79 Gb Free Space | 98.01% Space Free | Partition Type: NTFS
Computer Name: **S-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0156CC-1BD5-4338-8F5C-C469531C072E}" = lport=138 | protocol=17 | dir=in | app=system |
"{0EF64744-4ECA-401B-B42A-20D951EDFE60}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CFC6199-04DC-4E26-BFD5-F9A451454C35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FFCFFFA-B51B-4E47-9143-310E543479B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21AF5A53-AED0-4465-995A-E85BF2CEEF49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E730B60-5FA6-4C84-9435-AD59CC1905EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3415F9CA-F65A-4BF8-8B44-A1C6F0CD78C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{386F563D-83A2-4CEE-8E16-848222850A73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DEC5D15-A115-4008-B985-0440CA21843F}" = lport=445 | protocol=6 | dir=in | app=system |
"{4A75EC33-9AAC-4EAE-B7E1-E96F2F30D9EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5555CAC0-C4A8-4DB0-A0E3-67354B86B1F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79A1A42E-24A4-43EC-9E72-FC627758E1AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{88BAE950-47A4-499C-9171-5C55044665C0}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{8B42C9CD-8B93-4D84-AE02-1B6E30924D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90152997-E307-43FF-BB7C-FDD4430138AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{970FB209-4424-4484-8CB0-BE5C8950F8E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{A34B0D0C-5D39-4899-B33E-42B9CFC665CD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C370217D-7437-453A-9812-8ACC2FA91CC6}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB7633F0-BCF9-49E4-A831-152DF9F80AF4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6383789-04EB-41E1-A1FA-FCC5F0D26CC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F750C3F1-ACCF-4184-9AE8-CCC75B30C080}" = rport=137 | protocol=17 | dir=out | app=system |
"{FFB8DC12-2194-4F4E-A4AC-6DC77A451390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0400CD16-0A01-408D-B0AA-12C7C1A0CCBA}" = dir=out | name=search.ch |
"{06F404EB-463A-4A33-AB1D-DCE2FD53BDE6}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe |
"{0A99520E-DA62-4515-BA1B-B43ED06DC302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F656C5A-7536-479C-9A6E-61F03C17579B}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{14256438-6A95-4382-B3CF-AF2273C11C98}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{165147DB-B144-4EBE-BA4B-DCC746632824}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{168A0286-B960-4CE8-AC60-5BA19DD6ACB7}" = dir=out | name=onenote |
"{16D13CFD-DFFC-4C5B-8E5A-6EAC118E33AE}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{17E14C19-F914-4DE2-9393-E3A586C36341}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1DD746C2-7DCA-40AD-ADCC-F81AE3CA643E}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{2088B70E-3BDA-4D43-816C-5607B36A9C51}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe |
"{28ECFE5F-687C-4591-B47D-6AD1D53BD583}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2A888A1D-A5D0-4C97-AF38-C233AC1D6884}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BF66853-9ED6-40BE-A564-5F9CE0700420}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe |
"{2D26DAF6-9A8A-4CDB-B018-FF56D8DD98F0}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{2E1CC82F-E270-4DD3-8C92-0A7BA64367CA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3056B10A-76B4-4AC4-91BE-B5AD3CBF293A}" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\dropbox\bin\dropbox.exe |
"{30E6473C-1B7D-48F2-9CA7-E91D1FEAEB5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{314BB11D-8144-4CB6-9D4C-D33877D72EAA}" = dir=out | name=@{pons.wrterbuch_1.4.0.39_neutral__sj9sp7dbkxx8m?ms-resource://pons.wrterbuch/resources/display_name} |
"{320DC909-24AA-4551-A3D5-E8EC55B78374}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"{35CEA768-DE42-48E3-BA87-247CC0B31BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{387E2009-B01D-4452-B935-C7D289C277A3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{3C5240AD-5811-410C-B1A6-2AA9415E994B}" = dir=out | name=lightning timer |
"{3FF31916-DAC9-4888-86D7-E9E4DE8CB359}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{446B51CA-7D4E-4A0A-A46B-60CB1FD84DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{44C5BCD1-B306-45FA-A961-69FBF4E185B8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{48F9BDBF-5FC1-4D8C-9B04-7C1E4F7E0E71}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{49808C1C-1829-4E4E-9A62-4CA5C1F6D6F7}" = dir=in | name=onenote |
"{49CD620D-C63F-4038-B5AF-771AA94F78B8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4E6BC844-3A54-4A78-AE69-309588223886}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{517E1212-2CF4-47A2-A83C-5160AD6D871A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5875A9A6-7EC0-4B5C-A18F-BDD7E9BEBD73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4CC1A3-D854-4250-B919-A952256EDAB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA00D3E-1CDF-4E06-ABFA-A2E5AFA49612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{634247FB-1EC8-48E5-B0B6-33327573F68A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{659B81FA-3A44-4FD3-ABFF-0598D8F36E27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65AAA41C-097A-418B-8A69-6534837FA1AD}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{6D83B832-1F0F-4C71-9279-A974EBCAC090}" = dir=out | name=tagi-news |
"{6FE701B5-A4B4-450C-BDAE-C897CE641593}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe |
"{7189BFF9-F7AE-4333-A629-64536842024F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D6A703E-A22A-432C-B20F-381C615419CC}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{7DDC3E75-AFFF-4CBE-806A-0164FA589AE4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{7FB905C2-5F4C-46BD-8029-7A3609D79027}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F52B9D-1BEB-4042-BFCF-88BD6A7F4095}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8824C4B1-5428-4E01-91E9-BF81C754A718}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8B5F35D9-608F-4E7A-9430-CDDDC58B8AAA}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{8C0377A9-66D9-4A42-92D1-F7AB5050E569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E0D2484-391F-4A89-B6E2-0875E5758334}" = dir=out | name=canon inkjet print utility |
"{92F75B6D-62FF-4324-A93C-6CE3FA7587D9}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe |
"{9D14D3DF-C15A-4464-9849-6BC8280442D0}" = dir=out | name=wikipedia |
"{A36B9A79-6E03-45DD-9427-2501A81DF464}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AB0F63B6-8F3C-4EE8-B83F-F0B867BF56DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AFDEC594-1189-4BA6-8E06-BAE4CB1B0A49}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B08F5149-5703-44E8-ADD3-A827CD5109BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B3012288-6DD3-4461-A5E2-6FA2D8ED4123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B47B43B6-7A04-4B31-B0BF-3F4EEFC215A8}" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\dropbox\bin\dropbox.exe |
"{C4DC9694-3E66-4BB4-9346-B74712554E66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBC25E8D-8CD4-436E-A092-E7A2C0D16297}" = protocol=6 | dir=out | app=system |
"{CBD8AB40-B882-4569-9380-32288A1EBA70}" = dir=out | name=zattoo live tv |
"{CF6655A1-A111-459D-A416-DAB5161D39BB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DBA526E9-8CFA-4BB8-BB40-1AC639239BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD9569C1-84CA-403F-AD90-523303C4B042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E02041B5-E708-480A-9F78-087623E07D99}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe |
"{E32543DF-DB41-4373-B396-FEBE391D0388}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EFA5CAB9-F92B-4762-8460-DD2E57AFF7FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4B50D65-9E75-471D-9BC6-27352A3B1C29}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"{FA78BCFA-AD28-4BCE-873E-16408A168043}" = dir=out | name=swiss phone book |
"{FD62C578-04BE-45C9-8FD7-DCC9D1F4F15F}" = dir=out | name=cut the rope |
"{FF51A4FD-51A6-4A9E-8993-902212BEE34B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFC0BEF7-CB3C-4995-83FD-556C27828141}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"TCP Query User{0B02FC0E-D50F-4D2B-84F0-7D107CF8147B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{1D4FBF0C-19D2-4678-AFF3-1668D38656CE}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"TCP Query User{294DCE27-7DE2-4077-93F5-55C96F53C455}D:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{323CC57D-7D93-45C6-880E-503C60E5D4BC}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"TCP Query User{51A64849-E672-4A7A-8B54-9F57AADE27CB}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C766B9F0-754D-48E3-950F-885ECB377E87}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{14339A0C-C842-4264-A19F-656479B72EFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1452CF19-620F-4C7C-B532-457371C4EB47}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"UDP Query User{33B95583-DBCD-4CD4-B3EC-1ED7A7568654}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"UDP Query User{404C5273-7161-4575-B48C-A336697E4E84}D:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{82E71039-E722-430E-AF4A-0191F7EB5FA5}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DD548ADC-FDCC-4C0A-A9FE-F9217A8D17C9}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}" = PlayReady PC Runtime amd64
"{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64)
"{4DD6FB52-0704-4B46-B74E-8010084F33FC}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client
"{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU
"{988D34CA-25EC-3FDD-95E9-04EE09BC2C85}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A0D450C6-07C4-40C7-8D2B-840565E91987}" = Spamihilator 1.5.0 (64-Bit)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AB980FC0-2070-43DC-A985-2B1F8F7852F1}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC- DEU
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BF58CE95-2DDC-3EE3-A538-71A7646B0EBE}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64)
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{ED1EBD88-D341-321A-BB22-52D7E703E316}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Stellarium_is1" = Stellarium 0.11.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{094D6E27-97CC-447E-8660-56F75CFC1E00}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" = Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{247a1070-c6e4-426b-af1d-5c7942d3ee06}" = Remotetools für Visual Studio 2012 RC
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}" = Spamihilator 1.5.0 (32-Bit)
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2ED1FE3E-B0C5-3990-A966-3B3999F63B38}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66efbe1c-fcf5-4623-93f6-1ae2445aff93}" = Microsoft Visual Studio Professional 2012
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A79E320-5BCA-4A0F-A83B-D2D9783C7D53}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E8AC67A8-BC7D-4541-A13E-88F6DD2AB3DB}" = Microsoft Visual Studio 2012-Vorbereitung
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"6753-7911-9438-6061" = Private Tax 2012 2.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"FreePDF_XP" = FreePDF (Remove only)
"LyX2051" = LyX 2.0.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Star Trek Online" = Star Trek Online
"TeamViewer 7" = TeamViewer 7
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.02.2013 09:38:11 | Computer Name = **s-PC | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.9.136.9 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 944 Startzeit:
01ce092596f71553 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Berichts-ID:
6f650958-7519-11e2-be79-50e5494291c5 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 12.02.2013 09:41:21 | Computer Name = **s-PC | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.9.136.9 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 99c Startzeit:
01ce0926362b3117 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Berichts-ID:
dff4cde0-7519-11e2-be79-50e5494291c5 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 12.02.2013 11:51:58 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384,
Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften
Prozesses: 0xbc4 Startzeit der fehlerhaften Anwendung: 0x01ce092ba5db1112 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\RPCRT4.dll Berichtskennung: 21c2e626-752c-11e2-be79-50e5494291c5
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 14.02.2013 04:36:28 | Computer Name = **s-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ wurde nicht innerhalb
der vorgesehenen Zeit gestartet.
Error - 15.02.2013 08:27:39 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xd0c Startzeit der fehlerhaften Anwendung: 0x01ce0b5b40d12560 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 15831ca8-776b-11e2-be79-50e5494291c5
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 17.02.2013 05:04:14 | Computer Name = **s-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde
nicht innerhalb der vorgesehenen Zeit gestartet.
Error - 17.02.2013 08:56:12 | Computer Name = **s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$ROFOSPA.exe".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 17.02.2013 08:56:13 | Computer Name = **s-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$RR4UA00.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Error - 17.02.2013 08:56:13 | Computer Name = **s-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$RO4ZCDP.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Error - 17.02.2013 11:11:27 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: natspeak.exe, Version: 11.50.100.39,
Zeitstempel: 0x4dea2dff Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871,
Zeitstempel: 0x4fee6073 Ausnahmecode: 0x40000015 Fehleroffset: 0x0005beae ID des fehlerhaften
Prozesses: 0xfd8 Startzeit der fehlerhaften Anwendung: 0x01ce0d2109fc584b Pfad der
fehlerhaften Anwendung: D:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\natspeak.exe
Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll
Berichtskennung:
4c70e97d-7914-11e2-be7b-50e5494291c5 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
.\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
959 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
-32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:41:52 | Computer Name = **s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 19.02.2013 11:42:43 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 19.02.2013 16:28:16 | Computer Name = **s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 19.02.2013 16:29:15 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ System Events ]
Error - 12.02.2013 10:10:56 | Computer Name = **s-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "G:" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x200000000898c. Der Name der Datei ist "\.Trash-999".
Error - 12.02.2013 10:10:56 | Computer Name = **s-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "G:" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x200000000898e. Der Name der Datei ist "\.Trash-999\files".
Error - 13.02.2013 16:56:29 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
40.
Error - 13.02.2013 16:56:30 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
40.
Error - 13.02.2013 16:56:33 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
40.
Error - 15.02.2013 13:54:19 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 17.02.2013 04:42:29 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 19.02.2013 03:54:27 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 19.02.2013 11:42:36 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 19.02.2013 16:29:04 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
Mit freundlichen Grüssen Edit: Ich habe die Datei auch noch an Avira eingesendet, das Resultat ist hier zu finden: https://analysis.avira.com/en/status?uniqueid=NY1XbWJ7I14gdD1QbJ9dxF8GtCKfC2OW&incidentid=1373002 Geändert von pst (19.02.2013 um 22:38 Uhr) |
|
21.02.2013, 21:40
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo und
__________________ Zitat:
Bitte auch MBAR ausführen: Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
22.02.2013, 15:17
| #3 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo Cosinus
__________________Vielen Dank, dass du dich meines Falls annimmst. Die angesprochene Log-Datei von Malwarebytes habe ich im Anhang angehängt. Danach habe ich wie empfohlen das Malwarebytes Anti-Rootkit heruntergeladen und die mbar.exe gestartet. Dann erscheint aber eine Fehlermeldung, welche ich im Anhang angefügt habe. Muss ich Ja oder Nein drücken? Eine andere Frage: Ich verwende Dropbox, um meine wichtigen Daten zwischen meinem Computer und Laptop aktuall zu halten, könnte sich die Malware über diese auch auf meinen Laptop ausgebreitet haben? Mit freundlichen Grüssen |
|
22.02.2013, 21:45
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Die Logs bitte immer in CODE-Tags posten aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.02.2013, 22:28
| #5 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Gutenabend Cosinus Entschuldige bitte, dass ich die Logs nicht in CODE Tags gepackt hatte, ich hatte es vergessen. aswMBR stürzte leider während dem Scan ab (der Scan Button konnte ich drücken, danach kam aber die Fehlermeldung, welche unten im Bild zu sehen ist). Ich habe den Test noch 3 mal wiederholt, aber er blieb immer wieder hängen. TDSSKiller funktioniert wie erhofft, hier die Log-Datei: Code:
ATTFilter 22:11:59.0598 4320 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:11:59.0833 4320 ============================================================
22:11:59.0833 4320 Current date / time: 2013/02/22 22:11:59.0833
22:11:59.0833 4320 SystemInfo:
22:11:59.0833 4320
22:11:59.0833 4320 OS Version: 6.2.9200 ServicePack: 0.0
22:11:59.0833 4320 Product type: Workstation
22:11:59.0833 4320 ComputerName: ***-PC
22:11:59.0833 4320 UserName: *** ***
22:11:59.0833 4320 Windows directory: C:\Windows
22:11:59.0833 4320 System windows directory: C:\Windows
22:11:59.0833 4320 Running under WOW64
22:11:59.0833 4320 Processor architecture: Intel x64
22:11:59.0833 4320 Number of processors: 4
22:11:59.0833 4320 Page size: 0x1000
22:11:59.0833 4320 Boot type: Normal boot
22:11:59.0833 4320 ============================================================
22:12:00.0052 4320 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:12:00.0067 4320 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:12:00.0067 4320 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:12:00.0098 4320 ============================================================
22:12:00.0098 4320 \Device\Harddisk2\DR2:
22:12:00.0098 4320 MBR partitions:
22:12:00.0098 4320 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:12:00.0098 4320 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23FFA000
22:12:00.0098 4320 \Device\Harddisk0\DR0:
22:12:00.0098 4320 MBR partitions:
22:12:00.0098 4320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEA60000
22:12:00.0098 4320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60800, BlocksNum 0xE764800
22:12:00.0098 4320 \Device\Harddisk1\DR1:
22:12:00.0098 4320 MBR partitions:
22:12:00.0098 4320 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1C942800
22:12:00.0098 4320 ============================================================
22:12:00.0114 4320 C: <-> \Device\Harddisk1\DR1\Partition1
22:12:00.0114 4320 D: <-> \Device\Harddisk0\DR0\Partition1
22:12:00.0161 4320 F: <-> \Device\Harddisk2\DR2\Partition2
22:12:00.0255 4320 G: <-> \Device\Harddisk0\DR0\Partition2
22:12:00.0255 4320 ============================================================
22:12:00.0255 4320 Initialize success
22:12:00.0255 4320 ============================================================
22:13:52.0979 0556 ============================================================
22:13:52.0979 0556 Scan started
22:13:52.0979 0556 Mode: Manual; SigCheck; TDLFS;
22:13:52.0979 0556 ============================================================
22:13:53.0167 0556 ================ Scan system memory ========================
22:13:53.0167 0556 System memory - ok
22:13:53.0167 0556 ================ Scan services =============================
22:13:53.0198 0556 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
22:13:53.0229 0556 1394ohci - ok
22:13:53.0229 0556 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
22:13:53.0229 0556 3ware - ok
22:13:53.0245 0556 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:13:53.0260 0556 ACPI - ok
22:13:53.0260 0556 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
22:13:53.0260 0556 acpiex - ok
22:13:53.0260 0556 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
22:13:53.0276 0556 acpipagr - ok
22:13:53.0276 0556 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
22:13:53.0276 0556 AcpiPmi - ok
22:13:53.0276 0556 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
22:13:53.0292 0556 acpitime - ok
22:13:53.0292 0556 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
22:13:53.0307 0556 acsock - ok
22:13:53.0307 0556 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:13:53.0323 0556 adp94xx - ok
22:13:53.0323 0556 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:13:53.0339 0556 adpahci - ok
22:13:53.0339 0556 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:13:53.0354 0556 adpu320 - ok
22:13:53.0354 0556 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:13:53.0370 0556 AeLookupSvc - ok
22:13:53.0370 0556 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
22:13:53.0385 0556 AFD - ok
22:13:53.0385 0556 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:13:53.0401 0556 agp440 - ok
22:13:53.0401 0556 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
22:13:53.0417 0556 ALG - ok
22:13:53.0417 0556 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
22:13:53.0417 0556 AllUserInstallAgent - ok
22:13:53.0417 0556 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
22:13:53.0432 0556 AmdK8 - ok
22:13:53.0432 0556 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
22:13:53.0432 0556 AmdPPM - ok
22:13:53.0448 0556 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:13:53.0448 0556 amdsata - ok
22:13:53.0448 0556 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:13:53.0464 0556 amdsbs - ok
22:13:53.0464 0556 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:13:53.0479 0556 amdxata - ok
22:13:53.0479 0556 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:13:53.0479 0556 AntiVirSchedulerService - ok
22:13:53.0479 0556 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:13:53.0495 0556 AntiVirService - ok
22:13:53.0495 0556 [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
22:13:53.0495 0556 Apowersoft_AudioDevice - ok
22:13:53.0495 0556 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
22:13:53.0510 0556 AppID - ok
22:13:53.0510 0556 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:13:53.0526 0556 AppIDSvc - ok
22:13:53.0526 0556 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
22:13:53.0526 0556 Appinfo - ok
22:13:53.0542 0556 [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:13:53.0542 0556 AppMgmt - ok
22:13:53.0542 0556 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
22:13:53.0557 0556 arc - ok
22:13:53.0557 0556 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:13:53.0573 0556 arcsas - ok
22:13:53.0573 0556 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:13:53.0589 0556 aspnet_state - ok
22:13:53.0589 0556 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:13:53.0589 0556 AsyncMac - ok
22:13:53.0589 0556 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
22:13:53.0604 0556 atapi - ok
22:13:53.0620 0556 [ 36322190763845975E0D001E90687BF2 ] athur C:\Windows\system32\DRIVERS\athurx.sys
22:13:53.0651 0556 athur - ok
22:13:53.0651 0556 [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
22:13:53.0651 0556 AudioEndpointBuilder - ok
22:13:53.0667 0556 [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:13:53.0682 0556 Audiosrv - ok
22:13:53.0682 0556 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:13:53.0698 0556 avgntflt - ok
22:13:53.0698 0556 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:13:53.0698 0556 avipbb - ok
22:13:53.0698 0556 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:13:53.0714 0556 avkmgr - ok
22:13:53.0714 0556 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:13:53.0714 0556 AxInstSV - ok
22:13:53.0729 0556 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:13:53.0745 0556 b06bdrv - ok
22:13:53.0745 0556 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
22:13:53.0745 0556 BasicDisplay - ok
22:13:53.0760 0556 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
22:13:53.0760 0556 BasicRender - ok
22:13:53.0760 0556 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
22:13:53.0776 0556 BDESVC - ok
22:13:53.0776 0556 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
22:13:53.0776 0556 Beep - ok
22:13:53.0792 0556 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
22:13:53.0807 0556 BFE - ok
22:13:53.0823 0556 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
22:13:53.0839 0556 BITS - ok
22:13:53.0839 0556 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:13:53.0839 0556 bowser - ok
22:13:53.0854 0556 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
22:13:53.0854 0556 BrokerInfrastructure - ok
22:13:53.0854 0556 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
22:13:53.0870 0556 Browser - ok
22:13:53.0870 0556 [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
22:13:53.0870 0556 BthAvrcpTg - ok
22:13:53.0885 0556 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
22:13:53.0901 0556 BthHFEnum - ok
22:13:53.0901 0556 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
22:13:53.0901 0556 bthhfhid - ok
22:13:53.0901 0556 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
22:13:53.0917 0556 BTHMODEM - ok
22:13:53.0917 0556 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
22:13:53.0932 0556 bthserv - ok
22:13:53.0948 0556 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:13:53.0948 0556 cdfs - ok
22:13:53.0964 0556 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
22:13:53.0964 0556 cdrom - ok
22:13:53.0964 0556 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
22:13:53.0979 0556 CertPropSvc - ok
22:13:53.0979 0556 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
22:13:53.0995 0556 circlass - ok
22:13:54.0010 0556 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
22:13:54.0010 0556 CLFS - ok
22:13:54.0026 0556 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
22:13:54.0026 0556 CmBatt - ok
22:13:54.0042 0556 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys
22:13:54.0057 0556 CNG - ok
22:13:54.0057 0556 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
22:13:54.0073 0556 CompositeBus - ok
22:13:54.0073 0556 COMSysApp - ok
22:13:54.0073 0556 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
22:13:54.0073 0556 condrv - ok
22:13:54.0104 0556 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:13:54.0104 0556 cphs - ok
22:13:54.0104 0556 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:13:54.0167 0556 CryptSvc - ok
22:13:54.0167 0556 [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC C:\Windows\system32\drivers\csc.sys
22:13:54.0182 0556 CSC - ok
22:13:54.0198 0556 [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService C:\Windows\System32\cscsvc.dll
22:13:54.0214 0556 CscService - ok
22:13:54.0214 0556 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys
22:13:54.0214 0556 dam - ok
22:13:54.0229 0556 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
22:13:54.0245 0556 DcomLaunch - ok
22:13:54.0245 0556 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:13:54.0276 0556 defragsvc - ok
22:13:54.0276 0556 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
22:13:54.0292 0556 DeviceAssociationService - ok
22:13:54.0307 0556 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
22:13:54.0307 0556 DeviceInstall - ok
22:13:54.0307 0556 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
22:13:54.0323 0556 Dfsc - ok
22:13:54.0323 0556 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:13:54.0339 0556 Dhcp - ok
22:13:54.0339 0556 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
22:13:54.0354 0556 discache - ok
22:13:54.0354 0556 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
22:13:54.0354 0556 disk - ok
22:13:54.0354 0556 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
22:13:54.0370 0556 dmvsc - ok
22:13:54.0370 0556 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:13:54.0385 0556 Dnscache - ok
22:13:54.0385 0556 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
22:13:54.0401 0556 dot3svc - ok
22:13:54.0401 0556 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
22:13:54.0417 0556 DPS - ok
22:13:54.0417 0556 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:13:54.0417 0556 drmkaud - ok
22:13:54.0432 0556 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
22:13:54.0432 0556 DsmSvc - ok
22:13:54.0448 0556 [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:13:54.0479 0556 DXGKrnl - ok
22:13:54.0479 0556 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
22:13:54.0495 0556 Eaphost - ok
22:13:54.0526 0556 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:13:54.0589 0556 ebdrv - ok
22:13:54.0589 0556 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
22:13:54.0604 0556 EFS - ok
22:13:54.0604 0556 [ 4B84E647C934EDFF7F28C4B91A5C0864 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:13:54.0620 0556 ehRecvr - ok
22:13:54.0620 0556 [ 72781EC7A97E44B9651550D7A83D1B96 ] ehSched C:\Windows\ehome\ehsched.exe
22:13:54.0635 0556 ehSched - ok
22:13:54.0635 0556 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
22:13:54.0635 0556 EhStorClass - ok
22:13:54.0651 0556 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
22:13:54.0651 0556 EhStorTcgDrv - ok
22:13:54.0651 0556 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
22:13:54.0667 0556 ErrDev - ok
22:13:54.0667 0556 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
22:13:54.0682 0556 EventSystem - ok
22:13:54.0682 0556 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
22:13:54.0698 0556 exfat - ok
22:13:54.0698 0556 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:13:54.0714 0556 fastfat - ok
22:13:54.0714 0556 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
22:13:54.0729 0556 Fax - ok
22:13:54.0745 0556 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
22:13:54.0745 0556 fdc - ok
22:13:54.0745 0556 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
22:13:54.0760 0556 fdPHost - ok
22:13:54.0760 0556 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
22:13:54.0776 0556 FDResPub - ok
22:13:54.0776 0556 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
22:13:54.0776 0556 fhsvc - ok
22:13:54.0776 0556 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:13:54.0792 0556 FileInfo - ok
22:13:54.0792 0556 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:13:54.0807 0556 Filetrace - ok
22:13:54.0807 0556 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
22:13:54.0807 0556 flpydisk - ok
22:13:54.0823 0556 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:13:54.0823 0556 FltMgr - ok
22:13:54.0839 0556 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll
22:13:54.0870 0556 FontCache - ok
22:13:54.0870 0556 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:13:54.0870 0556 FontCache3.0.0.0 - ok
22:13:54.0885 0556 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:13:54.0885 0556 FsDepends - ok
22:13:54.0885 0556 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:13:54.0901 0556 Fs_Rec - ok
22:13:54.0901 0556 [ 895BA1CFF25E867CE5A52073E905C93B ] fussvc C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe
22:13:54.0901 0556 fussvc ( UnsignedFile.Multi.Generic ) - warning
22:13:54.0901 0556 fussvc - detected UnsignedFile.Multi.Generic (1)
22:13:54.0917 0556 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:13:54.0917 0556 fvevol - ok
22:13:54.0932 0556 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
22:13:54.0932 0556 FxPPM - ok
22:13:54.0932 0556 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:13:54.0948 0556 gagp30kx - ok
22:13:54.0948 0556 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
22:13:54.0948 0556 gencounter - ok
22:13:54.0948 0556 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
22:13:54.0964 0556 GPIOClx0101 - ok
22:13:54.0979 0556 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
22:13:54.0995 0556 gpsvc - ok
22:13:55.0011 0556 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:13:55.0011 0556 gusvc - ok
22:13:55.0026 0556 [ CF990269828B4602718813F9F72B85E0 ] hcw95bda C:\Windows\System32\Drivers\hcw95bda.sys
22:13:55.0026 0556 hcw95bda - ok
22:13:55.0026 0556 [ DE702FE348F7076788084D40D7BA9C27 ] hcw95rc C:\Windows\system32\DRIVERS\hcw95rc.sys
22:13:55.0042 0556 hcw95rc - ok
22:13:55.0042 0556 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:13:55.0057 0556 HdAudAddService - ok
22:13:55.0057 0556 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
22:13:55.0057 0556 HDAudBus - ok
22:13:55.0073 0556 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
22:13:55.0073 0556 HidBatt - ok
22:13:55.0073 0556 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\Windows\System32\drivers\hidbth.sys
22:13:55.0089 0556 HidBth - ok
22:13:55.0089 0556 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
22:13:55.0104 0556 hidi2c - ok
22:13:55.0104 0556 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
22:13:55.0120 0556 HidIr - ok
22:13:55.0120 0556 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll
22:13:55.0120 0556 hidserv - ok
22:13:55.0120 0556 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
22:13:55.0136 0556 HidUsb - ok
22:13:55.0136 0556 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:13:55.0151 0556 hkmsvc - ok
22:13:55.0151 0556 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:13:55.0167 0556 HomeGroupListener - ok
22:13:55.0167 0556 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:13:55.0182 0556 HomeGroupProvider - ok
22:13:55.0182 0556 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:13:55.0182 0556 HpSAMD - ok
22:13:55.0198 0556 [ 29CB98187BB5711F7759540976D295FC ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:13:55.0214 0556 HTTP - ok
22:13:55.0214 0556 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:13:55.0229 0556 hwpolicy - ok
22:13:55.0229 0556 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
22:13:55.0229 0556 hyperkbd - ok
22:13:55.0229 0556 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
22:13:55.0245 0556 HyperVideo - ok
22:13:55.0245 0556 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
22:13:55.0245 0556 i8042prt - ok
22:13:55.0261 0556 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:13:55.0261 0556 iaStorV - ok
22:13:55.0307 0556 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:13:55.0386 0556 igfx - ok
22:13:55.0386 0556 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:13:55.0386 0556 iirsp - ok
22:13:55.0401 0556 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll
22:13:55.0417 0556 IKEEXT - ok
22:13:55.0417 0556 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
22:13:55.0432 0556 intelide - ok
22:13:55.0432 0556 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys
22:13:55.0432 0556 intelppm - ok
22:13:55.0448 0556 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:13:55.0448 0556 IpFilterDriver - ok
22:13:55.0464 0556 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:13:55.0479 0556 iphlpsvc - ok
22:13:55.0479 0556 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
22:13:55.0495 0556 IPMIDRV - ok
22:13:55.0495 0556 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:13:55.0495 0556 IPNAT - ok
22:13:55.0511 0556 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:13:55.0511 0556 IRENUM - ok
22:13:55.0511 0556 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:13:55.0526 0556 isapnp - ok
22:13:55.0526 0556 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
22:13:55.0542 0556 iScsiPrt - ok
22:13:55.0542 0556 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
22:13:55.0542 0556 kbdclass - ok
22:13:55.0542 0556 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
22:13:55.0557 0556 kbdhid - ok
22:13:55.0557 0556 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
22:13:55.0557 0556 kdnic - ok
22:13:55.0557 0556 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
22:13:55.0573 0556 KeyIso - ok
22:13:55.0573 0556 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:13:55.0573 0556 KSecDD - ok
22:13:55.0589 0556 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:13:55.0589 0556 KSecPkg - ok
22:13:55.0589 0556 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:13:55.0604 0556 ksthunk - ok
22:13:55.0604 0556 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:13:55.0620 0556 KtmRm - ok
22:13:55.0620 0556 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll
22:13:55.0636 0556 LanmanServer - ok
22:13:55.0636 0556 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:13:55.0651 0556 LanmanWorkstation - ok
22:13:55.0651 0556 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:13:55.0651 0556 lltdio - ok
22:13:55.0667 0556 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:13:55.0682 0556 lltdsvc - ok
22:13:55.0682 0556 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:13:55.0682 0556 lmhosts - ok
22:13:55.0682 0556 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:13:55.0698 0556 LSI_SAS - ok
22:13:55.0698 0556 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:13:55.0714 0556 LSI_SAS2 - ok
22:13:55.0714 0556 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:13:55.0729 0556 LSI_SCSI - ok
22:13:55.0729 0556 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
22:13:55.0729 0556 LSI_SSS - ok
22:13:55.0745 0556 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll
22:13:55.0745 0556 LSM - ok
22:13:55.0761 0556 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
22:13:55.0761 0556 luafv - ok
22:13:55.0761 0556 [ 4448CCEA974F0B15A00EA33FCEDFC062 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:13:55.0776 0556 Mcx2Svc - ok
22:13:55.0776 0556 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
22:13:55.0792 0556 megasas - ok
22:13:55.0792 0556 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:13:55.0807 0556 MegaSR - ok
22:13:55.0807 0556 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
22:13:55.0807 0556 MEIx64 - ok
22:13:55.0807 0556 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
22:13:55.0823 0556 MMCSS - ok
22:13:55.0823 0556 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
22:13:55.0823 0556 Modem - ok
22:13:55.0839 0556 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:13:55.0839 0556 monitor - ok
22:13:55.0839 0556 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
22:13:55.0839 0556 mouclass - ok
22:13:55.0854 0556 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\Windows\System32\drivers\mouhid.sys
22:13:55.0854 0556 mouhid - ok
22:13:55.0854 0556 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:13:55.0870 0556 mountmgr - ok
22:13:55.0870 0556 [ ECE7906E074FA5AAC14AF711F65AC979 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:13:55.0870 0556 MozillaMaintenance - ok
22:13:55.0870 0556 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:13:55.0886 0556 mpsdrv - ok
22:13:55.0901 0556 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:13:55.0917 0556 MpsSvc - ok
22:13:55.0917 0556 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:13:55.0932 0556 MRxDAV - ok
22:13:55.0932 0556 [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:13:55.0948 0556 mrxsmb - ok
22:13:55.0948 0556 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:13:55.0948 0556 mrxsmb10 - ok
22:13:55.0964 0556 [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:13:55.0964 0556 mrxsmb20 - ok
22:13:55.0964 0556 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
22:13:55.0979 0556 MsBridge - ok
22:13:55.0979 0556 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
22:13:55.0995 0556 MSDTC - ok
22:13:55.0995 0556 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:13:56.0011 0556 Msfs - ok
22:13:56.0011 0556 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
22:13:56.0011 0556 msgpiowin32 - ok
22:13:56.0011 0556 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:13:56.0026 0556 mshidkmdf - ok
22:13:56.0026 0556 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
22:13:56.0026 0556 mshidumdf - ok
22:13:56.0026 0556 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:13:56.0042 0556 msisadrv - ok
22:13:56.0042 0556 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:13:56.0042 0556 MSiSCSI - ok
22:13:56.0057 0556 msiserver - ok
22:13:56.0057 0556 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:13:56.0057 0556 MSKSSRV - ok
22:13:56.0057 0556 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
22:13:56.0073 0556 MsLldp - ok
22:13:56.0073 0556 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:13:56.0073 0556 MSPCLOCK - ok
22:13:56.0073 0556 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:13:56.0089 0556 MSPQM - ok
22:13:56.0089 0556 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:13:56.0104 0556 MsRPC - ok
22:13:56.0104 0556 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
22:13:56.0120 0556 mssmbios - ok
22:13:56.0120 0556 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:13:56.0120 0556 MSTEE - ok
22:13:56.0120 0556 [ 10BCBE20D06E718A32888DEEF36D5867 ] msvsmon110 C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe
22:13:56.0136 0556 msvsmon110 - ok
22:13:56.0136 0556 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
22:13:56.0151 0556 MTConfig - ok
22:13:56.0151 0556 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
22:13:56.0151 0556 Mup - ok
22:13:56.0151 0556 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
22:13:56.0167 0556 mvumis - ok
22:13:56.0167 0556 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
22:13:56.0182 0556 napagent - ok
22:13:56.0182 0556 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:13:56.0198 0556 NativeWifiP - ok
22:13:56.0198 0556 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
22:13:56.0214 0556 NcaSvc - ok
22:13:56.0214 0556 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
22:13:56.0229 0556 NcdAutoSetup - ok
22:13:56.0229 0556 [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:13:56.0261 0556 NDIS - ok
22:13:56.0261 0556 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:13:56.0276 0556 NdisCap - ok
22:13:56.0276 0556 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
22:13:56.0276 0556 NdisImPlatform - ok
22:13:56.0292 0556 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:13:56.0292 0556 NdisTapi - ok
22:13:56.0292 0556 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:13:56.0307 0556 Ndisuio - ok
22:13:56.0307 0556 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:13:56.0307 0556 NdisWan - ok
22:13:56.0323 0556 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
22:13:56.0323 0556 NDISWANLEGACY - ok
22:13:56.0323 0556 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:13:56.0339 0556 NDProxy - ok
22:13:56.0339 0556 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
22:13:56.0339 0556 Ndu - ok
22:13:56.0354 0556 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:13:56.0354 0556 NetBIOS - ok
22:13:56.0370 0556 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:13:56.0370 0556 NetBT - ok
22:13:56.0370 0556 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
22:13:56.0386 0556 Netlogon - ok
22:13:56.0386 0556 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
22:13:56.0401 0556 Netman - ok
22:13:56.0401 0556 [ C166E3CD90AB0781ECDF10EC765B083A ] netprofm C:\Windows\System32\netprofmsvc.dll
22:13:56.0417 0556 netprofm - ok
22:13:56.0417 0556 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:13:56.0432 0556 NetTcpPortSharing - ok
22:13:56.0432 0556 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:13:56.0432 0556 nfrd960 - ok
22:13:56.0448 0556 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:13:56.0448 0556 NlaSvc - ok
22:13:56.0464 0556 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:13:56.0464 0556 Npfs - ok
22:13:56.0464 0556 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
22:13:56.0479 0556 npsvctrig - ok
22:13:56.0479 0556 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
22:13:56.0479 0556 nsi - ok
22:13:56.0495 0556 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:13:56.0495 0556 nsiproxy - ok
22:13:56.0511 0556 [ 11D7A4A4A1DA60F394F53B413DCDF0DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:13:56.0557 0556 Ntfs - ok
22:13:56.0557 0556 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
22:13:56.0573 0556 Null - ok
22:13:56.0682 0556 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:13:56.0901 0556 nvlddmkm - ok
22:13:56.0901 0556 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:13:56.0917 0556 nvraid - ok
22:13:56.0917 0556 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:13:56.0917 0556 nvstor - ok
22:13:56.0932 0556 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
22:13:56.0948 0556 nvsvc - ok
22:13:56.0964 0556 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:13:56.0995 0556 nvUpdatusService - ok
22:13:56.0995 0556 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:13:56.0995 0556 nv_agp - ok
22:13:57.0011 0556 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:13:57.0011 0556 p2pimsvc - ok
22:13:57.0026 0556 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
22:13:57.0026 0556 p2psvc - ok
22:13:57.0042 0556 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
22:13:57.0042 0556 Parport - ok
22:13:57.0042 0556 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:13:57.0057 0556 partmgr - ok
22:13:57.0057 0556 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:13:57.0073 0556 PcaSvc - ok
22:13:57.0073 0556 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
22:13:57.0089 0556 pci - ok
22:13:57.0089 0556 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
22:13:57.0089 0556 pciide - ok
22:13:57.0104 0556 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:13:57.0104 0556 pcmcia - ok
22:13:57.0104 0556 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
22:13:57.0120 0556 pcw - ok
22:13:57.0120 0556 [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc C:\Windows\system32\drivers\pdc.sys
22:13:57.0120 0556 pdc - ok
22:13:57.0136 0556 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:13:57.0151 0556 PEAUTH - ok
22:13:57.0182 0556 [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:13:57.0214 0556 PeerDistSvc - ok
22:13:57.0229 0556 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:13:57.0229 0556 PerfHost - ok
22:13:57.0245 0556 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
22:13:57.0276 0556 pla - ok
22:13:57.0276 0556 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:13:57.0292 0556 PlugPlay - ok
22:13:57.0292 0556 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:13:57.0307 0556 PNRPAutoReg - ok
22:13:57.0307 0556 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:13:57.0307 0556 PNRPsvc - ok
22:13:57.0323 0556 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:13:57.0339 0556 PolicyAgent - ok
22:13:57.0339 0556 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
22:13:57.0339 0556 Power - ok
22:13:57.0354 0556 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:13:57.0354 0556 PptpMiniport - ok
22:13:57.0386 0556 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
22:13:57.0432 0556 PrintNotify - ok
22:13:57.0432 0556 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
22:13:57.0448 0556 Processor - ok
22:13:57.0448 0556 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
22:13:57.0464 0556 ProfSvc - ok
22:13:57.0464 0556 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:13:57.0464 0556 Psched - ok
22:13:57.0479 0556 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
22:13:57.0479 0556 QWAVE - ok
22:13:57.0495 0556 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:13:57.0495 0556 QWAVEdrv - ok
22:13:57.0495 0556 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:13:57.0511 0556 RasAcd - ok
22:13:57.0511 0556 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:13:57.0511 0556 RasAgileVpn - ok
22:13:57.0526 0556 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
22:13:57.0526 0556 RasAuto - ok
22:13:57.0526 0556 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:13:57.0542 0556 Rasl2tp - ok
22:13:57.0542 0556 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
22:13:57.0558 0556 RasMan - ok
22:13:57.0558 0556 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:13:57.0573 0556 RasPppoe - ok
22:13:57.0573 0556 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:13:57.0589 0556 RasSstp - ok
22:13:57.0589 0556 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:13:57.0604 0556 rdbss - ok
22:13:57.0604 0556 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
22:13:57.0604 0556 rdpbus - ok
22:13:57.0620 0556 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:13:57.0620 0556 RDPDR - ok
22:13:57.0620 0556 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:13:57.0636 0556 RdpVideoMiniport - ok
22:13:57.0636 0556 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:13:57.0636 0556 RDPWD - ok
22:13:57.0651 0556 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:13:57.0651 0556 rdyboost - ok
22:13:57.0667 0556 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:13:57.0667 0556 RemoteAccess - ok
22:13:57.0667 0556 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:13:57.0683 0556 RemoteRegistry - ok
22:13:57.0683 0556 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:13:57.0698 0556 RpcEptMapper - ok
22:13:57.0698 0556 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
22:13:57.0698 0556 RpcLocator - ok
22:13:57.0714 0556 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
22:13:57.0729 0556 RpcSs - ok
22:13:57.0729 0556 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:13:57.0745 0556 rspndr - ok
22:13:57.0745 0556 [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
22:13:57.0761 0556 RTL8168 - ok
22:13:57.0761 0556 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
22:13:57.0776 0556 s3cap - ok
22:13:57.0776 0556 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
22:13:57.0776 0556 SamSs - ok
22:13:57.0776 0556 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:13:57.0792 0556 sbp2port - ok
22:13:57.0792 0556 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:13:57.0808 0556 SCardSvr - ok
22:13:57.0808 0556 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:13:57.0808 0556 scfilter - ok
22:13:57.0823 0556 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
22:13:57.0854 0556 Schedule - ok
22:13:57.0854 0556 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:13:57.0870 0556 SCPolicySvc - ok
22:13:57.0870 0556 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\Windows\System32\drivers\sdbus.sys
22:13:57.0870 0556 sdbus - ok
22:13:57.0886 0556 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:13:57.0886 0556 SDRSVC - ok
22:13:57.0886 0556 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
22:13:57.0901 0556 sdstor - ok
22:13:57.0901 0556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:13:57.0901 0556 secdrv - ok
22:13:57.0901 0556 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
22:13:57.0917 0556 seclogon - ok
22:13:57.0917 0556 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
22:13:57.0933 0556 SENS - ok
22:13:57.0933 0556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] SensorsSimulatorDriver C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:57.0948 0556 SensorsSimulatorDriver - ok
22:13:57.0948 0556 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:13:57.0948 0556 SensrSvc - ok
22:13:57.0964 0556 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
22:13:57.0964 0556 SerCx - ok
22:13:57.0964 0556 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
22:13:57.0979 0556 Serenum - ok
22:13:57.0979 0556 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
22:13:57.0979 0556 Serial - ok
22:13:57.0979 0556 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
22:13:57.0995 0556 sermouse - ok
22:13:57.0995 0556 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
22:13:58.0011 0556 SessionEnv - ok
22:13:58.0011 0556 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
22:13:58.0026 0556 sfloppy - ok
22:13:58.0026 0556 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:13:58.0042 0556 SharedAccess - ok
22:13:58.0042 0556 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:13:58.0073 0556 ShellHWDetection - ok
22:13:58.0073 0556 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:13:58.0073 0556 SiSRaid2 - ok
22:13:58.0073 0556 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:13:58.0089 0556 SiSRaid4 - ok
22:13:58.0089 0556 [ A42C09C8E60FCDCCE04B722FDD4E8694 ] SLEE_18_DRIVER C:\Windows\Sleen1864.sys
22:13:58.0089 0556 SLEE_18_DRIVER - ok
22:13:58.0104 0556 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:13:58.0104 0556 SNMPTRAP - ok
22:13:58.0104 0556 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys
22:13:58.0120 0556 spaceport - ok
22:13:58.0120 0556 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
22:13:58.0136 0556 SpbCx - ok
22:13:58.0136 0556 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
22:13:58.0151 0556 Spooler - ok
22:13:58.0198 0556 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
22:13:58.0261 0556 sppsvc - ok
22:13:58.0261 0556 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:13:58.0276 0556 SQLWriter - ok
22:13:58.0276 0556 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:13:58.0292 0556 srv - ok
22:13:58.0292 0556 [ C2106BB710AA34A046126AED7BCA6964 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:13:58.0308 0556 srv2 - ok
22:13:58.0323 0556 [ 9400C71F5A1A380B494B6922F007D485 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:13:58.0323 0556 srvnet - ok
22:13:58.0323 0556 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:13:58.0339 0556 SSDPSRV - ok
22:13:58.0339 0556 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:13:58.0354 0556 SstpSvc - ok
22:13:58.0354 0556 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:13:58.0370 0556 Stereo Service - ok
22:13:58.0370 0556 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:13:58.0386 0556 stexstor - ok
22:13:58.0386 0556 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
22:13:58.0401 0556 stisvc - ok
22:13:58.0401 0556 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys
22:13:58.0417 0556 storahci - ok
22:13:58.0417 0556 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:13:58.0417 0556 storflt - ok
22:13:58.0417 0556 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
22:13:58.0433 0556 StorSvc - ok
22:13:58.0433 0556 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:13:58.0433 0556 storvsc - ok
22:13:58.0433 0556 [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp C:\Windows\System32\drivers\storvsp.sys
22:13:58.0448 0556 storvsp - ok
22:13:58.0448 0556 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
22:13:58.0464 0556 svsvc - ok
22:13:58.0464 0556 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
22:13:58.0464 0556 swenum - ok
22:13:58.0479 0556 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
22:13:58.0495 0556 swprv - ok
22:13:58.0511 0556 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll
22:13:58.0526 0556 SysMain - ok
22:13:58.0542 0556 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:13:58.0542 0556 SystemEventsBroker - ok
22:13:58.0542 0556 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
22:13:58.0558 0556 TabletInputService - ok
22:13:58.0558 0556 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:13:58.0573 0556 TapiSrv - ok
22:13:58.0589 0556 [ D192288CE5FB395F0BBAFDD1A8B5285D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:13:58.0636 0556 Tcpip - ok
22:13:58.0651 0556 [ D192288CE5FB395F0BBAFDD1A8B5285D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:13:58.0698 0556 TCPIP6 - ok
22:13:58.0698 0556 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:13:58.0698 0556 tcpipreg - ok
22:13:58.0714 0556 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:13:58.0714 0556 tdx - ok
22:13:58.0714 0556 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
22:13:58.0729 0556 Te.Service ( UnsignedFile.Multi.Generic ) - warning
22:13:58.0729 0556 Te.Service - detected UnsignedFile.Multi.Generic (1)
22:13:58.0745 0556 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:13:58.0792 0556 TeamViewer7 - ok
22:13:58.0792 0556 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
22:13:58.0808 0556 terminpt - ok
22:13:58.0823 0556 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
22:13:58.0839 0556 TermService - ok
22:13:58.0839 0556 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
22:13:58.0854 0556 Themes - ok
22:13:58.0854 0556 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll
22:13:58.0854 0556 THREADORDER - ok
22:13:58.0870 0556 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
22:13:58.0870 0556 TimeBroker - ok
22:13:58.0870 0556 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\Windows\system32\drivers\tpm.sys
22:13:58.0886 0556 TPM - ok
22:13:58.0886 0556 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
22:13:58.0901 0556 TrkWks - ok
22:13:58.0901 0556 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:13:58.0901 0556 TrustedInstaller - ok
22:13:58.0917 0556 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:13:58.0917 0556 TsUsbFlt - ok
22:13:58.0917 0556 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
22:13:58.0917 0556 TsUsbGD - ok
22:13:58.0933 0556 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:13:58.0933 0556 tunnel - ok
22:13:58.0933 0556 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:13:58.0948 0556 uagp35 - ok
22:13:58.0948 0556 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
22:13:58.0948 0556 UASPStor - ok
22:13:58.0964 0556 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
22:13:58.0964 0556 UCX01000 - ok
22:13:58.0979 0556 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:13:58.0995 0556 udfs - ok
22:13:58.0995 0556 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:13:58.0995 0556 UI0Detect - ok
22:13:59.0011 0556 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:13:59.0011 0556 uliagpkx - ok
22:13:59.0011 0556 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
22:13:59.0026 0556 umbus - ok
22:13:59.0026 0556 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
22:13:59.0026 0556 UmPass - ok
22:13:59.0026 0556 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
22:13:59.0042 0556 UmRdpService - ok
22:13:59.0058 0556 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
22:13:59.0058 0556 upnphost - ok
22:13:59.0073 0556 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
22:13:59.0073 0556 usbccgp - ok
22:13:59.0073 0556 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
22:13:59.0089 0556 usbcir - ok
22:13:59.0089 0556 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
22:13:59.0104 0556 usbehci - ok
22:13:59.0104 0556 [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub C:\Windows\System32\drivers\usbhub.sys
22:13:59.0120 0556 usbhub - ok
22:13:59.0136 0556 [ B7A948501424805571BF562BB0BFE31D ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
22:13:59.0136 0556 USBHUB3 - ok
22:13:59.0151 0556 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys
22:13:59.0151 0556 usbohci - ok
22:13:59.0151 0556 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
22:13:59.0167 0556 usbprint - ok
22:13:59.0167 0556 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
22:13:59.0167 0556 USBSTOR - ok
22:13:59.0167 0556 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
22:13:59.0183 0556 usbuhci - ok
22:13:59.0183 0556 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
22:13:59.0198 0556 USBXHCI - ok
22:13:59.0198 0556 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe
22:13:59.0198 0556 VaultSvc - ok
22:13:59.0214 0556 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:13:59.0214 0556 vdrvroot - ok
22:13:59.0229 0556 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe
22:13:59.0245 0556 vds - ok
22:13:59.0245 0556 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
22:13:59.0245 0556 VerifierExt - ok
22:13:59.0261 0556 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
22:13:59.0276 0556 vhdmp - ok
22:13:59.0276 0556 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
22:13:59.0276 0556 viaide - ok
22:13:59.0276 0556 [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid C:\Windows\System32\drivers\Vid.sys
22:13:59.0292 0556 Vid - ok
22:13:59.0292 0556 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:13:59.0292 0556 vmbus - ok
22:13:59.0308 0556 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
22:13:59.0308 0556 VMBusHID - ok
22:13:59.0308 0556 [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys
22:13:59.0323 0556 vmbusr - ok
22:13:59.0323 0556 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
22:13:59.0339 0556 vmicheartbeat - ok
22:13:59.0339 0556 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
22:13:59.0339 0556 vmickvpexchange - ok
22:13:59.0354 0556 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
22:13:59.0354 0556 vmicrdv - ok
22:13:59.0354 0556 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
22:13:59.0370 0556 vmicshutdown - ok
22:13:59.0370 0556 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
22:13:59.0386 0556 vmictimesync - ok
22:13:59.0386 0556 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
22:13:59.0386 0556 vmicvss - ok
22:13:59.0401 0556 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:13:59.0401 0556 volmgr - ok
22:13:59.0401 0556 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:13:59.0417 0556 volmgrx - ok
22:13:59.0433 0556 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:13:59.0433 0556 volsnap - ok
22:13:59.0448 0556 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
22:13:59.0448 0556 vpci - ok
22:13:59.0448 0556 [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys
22:13:59.0464 0556 vpcivsp - ok
22:13:59.0464 0556 [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:13:59.0479 0556 vpnagent - ok
22:13:59.0479 0556 [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
22:13:59.0479 0556 vpnva - ok
22:13:59.0479 0556 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:13:59.0495 0556 vsmraid - ok
22:13:59.0495 0556 [ F972436B5ED08069A1E7D623B77C226A ] VSPerfDrv110 C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys
22:13:59.0495 0556 VSPerfDrv110 - ok
22:13:59.0511 0556 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
22:13:59.0542 0556 VSS - ok
22:13:59.0558 0556 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
22:13:59.0558 0556 VSTXRAID - ok
22:13:59.0573 0556 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:13:59.0573 0556 vwifibus - ok
22:13:59.0573 0556 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:13:59.0573 0556 vwififlt - ok
22:13:59.0589 0556 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:13:59.0589 0556 vwifimp - ok
22:13:59.0589 0556 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
22:13:59.0604 0556 W32Time - ok
22:13:59.0604 0556 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
22:13:59.0620 0556 WacomPen - ok
22:13:59.0620 0556 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:13:59.0620 0556 Wanarp - ok
22:13:59.0636 0556 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:13:59.0636 0556 Wanarpv6 - ok
22:13:59.0651 0556 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
22:13:59.0683 0556 wbengine - ok
22:13:59.0683 0556 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:13:59.0698 0556 WbioSrvc - ok
22:13:59.0698 0556 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
22:13:59.0714 0556 Wcmsvc - ok
22:13:59.0714 0556 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:13:59.0729 0556 wcncsvc - ok
22:13:59.0729 0556 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:13:59.0729 0556 WcsPlugInService - ok
22:13:59.0729 0556 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
22:13:59.0745 0556 Wd - ok
22:13:59.0745 0556 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
22:13:59.0745 0556 WdBoot - ok
22:13:59.0761 0556 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:13:59.0776 0556 Wdf01000 - ok
22:13:59.0792 0556 [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
22:13:59.0792 0556 WdFilter - ok
22:13:59.0792 0556 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:13:59.0808 0556 WdiServiceHost - ok
22:13:59.0808 0556 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:13:59.0823 0556 WdiSystemHost - ok
22:13:59.0823 0556 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
22:13:59.0839 0556 WebClient - ok
22:13:59.0839 0556 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:13:59.0854 0556 Wecsvc - ok
22:13:59.0854 0556 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:13:59.0870 0556 wercplsupport - ok
22:13:59.0870 0556 [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc C:\Windows\System32\WerSvc.dll
22:13:59.0886 0556 WerSvc - ok
22:13:59.0886 0556 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
22:13:59.0901 0556 WFPLWFS - ok
22:13:59.0901 0556 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
22:13:59.0917 0556 WiaRpc - ok
22:13:59.0917 0556 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:13:59.0917 0556 WIMMount - ok
22:13:59.0917 0556 WinDefend - ok
22:13:59.0933 0556 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
22:13:59.0948 0556 WinHttpAutoProxySvc - ok
22:13:59.0948 0556 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:13:59.0964 0556 Winmgmt - ok
22:13:59.0995 0556 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
22:14:00.0026 0556 WinRM - ok
22:14:00.0042 0556 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll
22:14:00.0073 0556 WlanSvc - ok
22:14:00.0089 0556 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
22:14:00.0120 0556 wlidsvc - ok
22:14:00.0120 0556 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
22:14:00.0120 0556 WmiAcpi - ok
22:14:00.0136 0556 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:14:00.0136 0556 wmiApSrv - ok
22:14:00.0136 0556 WMPNetworkSvc - ok
22:14:00.0151 0556 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
22:14:00.0151 0556 wpcfltr - ok
22:14:00.0151 0556 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:14:00.0167 0556 WPCSvc - ok
22:14:00.0167 0556 [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:14:00.0167 0556 WPDBusEnum - ok
22:14:00.0183 0556 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
22:14:00.0183 0556 WpdUpFltr - ok
22:14:00.0183 0556 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:14:00.0183 0556 ws2ifsl - ok
22:14:00.0198 0556 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll
22:14:00.0198 0556 wscsvc - ok
22:14:00.0198 0556 [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys
22:14:00.0214 0556 WSDPrintDevice - ok
22:14:00.0214 0556 [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan C:\Windows\System32\drivers\WSDScan.sys
22:14:00.0214 0556 WSDScan - ok
22:14:00.0214 0556 WSearch - ok
22:14:00.0245 0556 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
22:14:00.0292 0556 WSService - ok
22:14:00.0323 0556 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\Windows\system32\wuaueng.dll
22:14:00.0386 0556 wuauserv - ok
22:14:00.0386 0556 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:14:00.0401 0556 WudfPf - ok
22:14:00.0401 0556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
22:14:00.0401 0556 WUDFRd - ok
22:14:00.0417 0556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys
22:14:00.0417 0556 WUDFSensorLP - ok
22:14:00.0417 0556 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:14:00.0433 0556 wudfsvc - ok
22:14:00.0433 0556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
22:14:00.0448 0556 WUDFWpdFs - ok
22:14:00.0448 0556 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:14:00.0464 0556 WwanSvc - ok
22:14:00.0464 0556 ================ Scan global ===============================
22:14:00.0464 0556 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
22:14:00.0480 0556 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
22:14:00.0480 0556 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
22:14:00.0480 0556 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
22:14:00.0480 0556 [Global] - ok
22:14:00.0480 0556 ================ Scan MBR ==================================
22:14:00.0495 0556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
22:14:00.0683 0556 \Device\Harddisk2\DR2 - ok
22:14:00.0698 0556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:14:00.0776 0556 \Device\Harddisk0\DR0 - ok
22:14:00.0776 0556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:14:00.0792 0556 \Device\Harddisk1\DR1 - ok
22:14:00.0792 0556 ================ Scan VBR ==================================
22:14:00.0792 0556 [ F67AC60B9DE1D55668B0F0452CA9E8FD ] \Device\Harddisk2\DR2\Partition1
22:14:00.0823 0556 \Device\Harddisk2\DR2\Partition1 - ok
22:14:00.0823 0556 [ 0618B62B4BDA0C655CFA0F648C8F87BF ] \Device\Harddisk2\DR2\Partition2
22:14:00.0823 0556 \Device\Harddisk2\DR2\Partition2 - ok
22:14:00.0823 0556 [ 6AB52494C53FB622FA928F03E994C688 ] \Device\Harddisk0\DR0\Partition1
22:14:00.0839 0556 \Device\Harddisk0\DR0\Partition1 - ok
22:14:00.0839 0556 [ 204D3062303C51BAB8C73072603E9A64 ] \Device\Harddisk0\DR0\Partition2
22:14:00.0839 0556 \Device\Harddisk0\DR0\Partition2 - ok
22:14:00.0839 0556 [ 000386B5E9B7E0523C5EB31B424D5487 ] \Device\Harddisk1\DR1\Partition1
22:14:00.0839 0556 \Device\Harddisk1\DR1\Partition1 - ok
22:14:00.0839 0556 ============================================================
22:14:00.0839 0556 Scan finished
22:14:00.0839 0556 ============================================================
22:14:00.0839 5796 Detected object count: 2
22:14:00.0839 5796 Actual detected object count: 2
22:14:28.0372 5796 fussvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:28.0372 5796 fussvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:14:28.0372 5796 Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:28.0372 5796 Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
Vielen Dank für deine Bemühungen und mit freundlichen Grüssen PST |
|
23.02.2013, 00:04
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ --> HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b |
|
23.02.2013, 11:53
| #7 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo Cosinus Vielen Dank für deine Antwort. Ich habe das versucht, leider ist das Programm erneut abgestürzt. Danach habe ich einige Hintergrundprozesse (Java-Update, OpenOffice, Avira Antivirus) geschlossen, doch auch hier wieder das gleiche Resultat. Danach habe die .exe Datei vom Desktop auf die Partition D:\ verschoben. Von dort hat es dann zumindest mit AV-Scan auf No funktioniert. Hier das Log-File: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 11:45:10
-----------------------------
11:45:10.244 OS Version: Windows x64 6.2.9200
11:45:10.244 Number of processors: 4 586 0x2A07
11:45:10.245 ComputerName: PASCALS-PC UserName:
11:45:10.520 Initialize success
11:45:15.716 AVAST engine defs: 13022200
11:45:31.644 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
11:45:31.644 Disk 0 Vendor: SAMSUNG_SP2504C VT100-41 Size: 238475MB BusType: 3
11:45:31.644 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
11:45:31.644 Disk 1 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 244198MB BusType: 3
11:45:31.644 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-7
11:45:31.644 Disk 2 Vendor: SAMSUNG_HD322HJ 1AC01112 Size: 305245MB BusType: 3
11:45:31.659 Disk 1 MBR read successfully
11:45:31.659 Disk 1 MBR scan
11:45:31.659 Disk 1 Windows 7 default MBR code
11:45:31.691 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 234117 MB offset 2048
11:45:31.753 Disk 1 scanning C:\Windows\system32\drivers
11:45:59.411 Service scanning
11:46:05.708 Modules scanning
11:46:05.708 Disk 1 trace - called modules:
11:46:05.739 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
11:46:05.739 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80078b7060]
11:46:05.739 3 CLASSPNP.SYS[fffff880013a78aa] -> nt!IofCallDriver -> [0xfffffa8006bff520]
11:46:05.739 5 ACPI.sys[fffff88000ed3a91] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8006e87600]
11:46:05.739 Scan finished successfully
11:46:16.005 Disk 1 MBR has been saved successfully to "G:\Eigene Dokumente\MBR.dat"
11:46:16.005 The log file has been saved successfully to "G:\Eigene Dokumente\aswMBR.txt"
PST |
|
24.02.2013, 21:14
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.02.2013, 22:40
| #9 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo Cosinus Deine neuen Schritte habe ich ausgeführt. Bei allen Schritte habe ich den Echtzeitschutz von Avira deaktiviert. Hier die Log-Files: 1. JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by *** on 24.02.2013 at 22:13:18.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2013 at 22:16:20.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 24/02/2013 um 22:19:30 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16482
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1153 octets] - [24/02/2013 22:19:30]
########## EOF - C:\AdwCleaner[S1].txt - [1213 octets] ##########
Code:
ATTFilter OTL logfile created on: 24.02.2013 22:24:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.92 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.77% Memory free 9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 228.63 Gb Total Space | 153.76 Gb Free Space | 67.25% Space Free | Partition Type: NTFS Drive D: | 117.19 Gb Total Space | 16.21 Gb Free Space | 13.84% Space Free | Partition Type: NTFS Drive F: | 287.99 Gb Total Space | 110.75 Gb Free Space | 38.46% Space Free | Partition Type: NTFS Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS Computer Name: ***S-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\***\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Spamihilator\sqlite3.dll () MOD - C:\Program Files (x86)\Spamihilator\zlib1.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (msvsmon110) -- C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation) SRV - (fussvc) -- C:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\Drivers\Apowersoft_AudioDevice.sys (Wondershare) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\Drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\Drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (athur) -- C:\Windows\SysNative\Drivers\athurx.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\Drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\Drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (VSPerfDrv110) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation) DRV - (SLEE_18_DRIVER) -- C:\Windows\SleeN1864.sys (Softwareentwicklung Remus - ArchiCrypt - ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/ IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 B7 BC A2 60 EA CD 01 [binary data] IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1002\..\SearchScopes,DefaultScope = ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 19:45:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 19:45:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.11.11 14:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.ch/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.ch/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Session Manager = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\ CHR - Extension: Turn Off the Lights = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Wolfram|Alpha (Official) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\ CHR - Extension: Download Master = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\2.0.2.0_0\ CHR - Extension: Google Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH) O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH) O4 - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001..\Run: [Spotify] C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E636EAB-DEAB-47B8-9E5D-203EA345D793}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE13D9F8-7CC3-4B02-B657-E6D38F5AAB4F}: DhcpNameServer = 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.24 22:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.24 22:11:25 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.24 22:10:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.02.22 22:10:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.02.22 15:03:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.02.22 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.GeckoCIRCUITS [2013.02.22 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeckoCircuits [2013.02.21 19:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.21 09:12:35 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.21 09:12:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.21 09:12:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.21 09:12:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.21 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.19 21:29:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.19 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz [2013.02.17 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.02.17 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.17 18:42:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.17 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance [2013.02.17 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.02.16 22:42:20 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Internet Explorer [2013.02.16 22:11:24 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013.02.16 22:11:24 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.02.16 20:29:41 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe [2013.02.16 20:29:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll [2013.02.16 20:29:40 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll [2013.02.16 20:29:40 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe [2013.02.16 20:29:40 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll [2013.02.16 20:29:40 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll [2013.02.16 20:29:40 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013.02.16 20:29:40 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll [2013.02.16 20:29:39 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll [2013.02.16 20:29:39 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll [2013.02.16 20:29:39 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll [2013.02.16 20:29:39 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.02.16 20:29:39 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll [2013.02.16 20:29:39 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll [2013.02.16 20:29:39 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.02.16 20:29:39 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys [2013.02.16 20:29:38 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll [2013.02.16 20:29:38 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL [2013.02.16 20:29:38 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013.02.16 20:29:38 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL [2013.02.16 20:29:38 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013.02.16 20:29:38 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll [2013.02.16 20:29:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll [2013.02.16 20:29:38 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.02.16 20:29:38 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll [2013.02.16 20:29:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll [2013.02.16 20:29:38 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe [2013.02.16 20:29:38 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe [2013.02.16 20:29:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll [2013.02.16 20:29:37 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll [2013.02.16 20:29:37 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll [2013.02.16 20:29:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll [2013.02.16 20:29:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll [2013.02.16 20:29:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll [2013.02.15 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\***\Valley [2013.02.15 15:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine [2013.02.15 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine [2013.02.15 13:45:13 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.14 20:36:13 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 20:36:13 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.02.14 20:36:13 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 20:36:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 20:36:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 20:36:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.02.14 20:36:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.02.14 20:36:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.02.14 20:36:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.02.14 20:36:13 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.02.14 20:36:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.02.14 20:36:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.02.13 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.02.13 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.13 14:25:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.13 14:25:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.13 14:25:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.12 14:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ [2013.02.12 14:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.02.12 14:33:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2013.02.12 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon [2013.02.12 14:33:03 | 000,361,472 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMXLMAG.DLL [2013.02.08 11:13:41 | 045,673,536 | ---- | C] (Information Factory AG) -- C:\Users\***\ptw12.exe [4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.24 22:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.24 22:20:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.02.24 22:20:51 | 2507,448,319 | -HS- | M] () -- C:\hiberfil.sys [2013.02.24 22:18:29 | 000,594,019 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.02.24 22:10:56 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.02.24 21:35:00 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001UA.job [2013.02.23 22:35:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001Core.job [2013.02.23 11:46:16 | 000,000,512 | ---- | M] () -- G:\Eigene Dokumente\MBR.dat [2013.02.22 22:10:55 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.02.22 22:03:11 | 000,247,247 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung aswMBR.PNG [2013.02.21 09:12:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.21 09:12:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.21 09:12:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.21 09:12:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.21 09:12:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.21 09:12:31 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.20 07:20:22 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.20 07:20:22 | 000,828,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.20 07:20:22 | 000,774,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.20 07:20:22 | 000,188,018 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.20 07:20:22 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.19 21:30:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.02.19 21:25:34 | 000,374,784 | ---- | M] () -- C:\Users\***\Desktop\GMER_2.1.18952.exe [2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.19 21:22:42 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.02.17 18:42:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.17 09:42:24 | 000,319,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.15 15:58:32 | 001,065,984 | ---- | M] () -- C:\Users\***\AppData\Local\file__0.localstorage [2013.02.15 15:48:33 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk [2013.02.13 14:25:17 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.08 13:04:25 | 000,089,969 | ---- | M] () -- G:\Eigene Dokumente\tausendfüssler.html [2013.02.08 11:28:48 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk [2013.02.08 11:14:15 | 045,673,536 | ---- | M] (Information Factory AG) -- C:\Users\***\ptw12.exe [2013.02.07 00:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.07 00:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.29 21:19:56 | 000,004,472 | ---- | M] () -- G:\Eigene Dokumente\testdatabase.odb [2013.01.29 18:31:37 | 000,002,937 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.html [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif [2013.01.29 18:31:36 | 000,000,905 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif [2013.01.29 18:18:36 | 000,030,720 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.pdf [4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.24 22:18:28 | 000,594,019 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.02.23 11:46:16 | 000,000,512 | ---- | C] () -- G:\Eigene Dokumente\MBR.dat [2013.02.22 22:03:11 | 000,247,247 | ---- | C] () -- C:\Users\***\Desktop\Fehlermeldung aswMBR.PNG [2013.02.19 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.02.19 21:29:37 | 000,374,784 | ---- | C] () -- C:\Users\***\Desktop\GMER_2.1.18952.exe [2013.02.19 21:29:37 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.02.17 18:42:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.17 09:42:21 | 000,319,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.16 20:29:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.02.15 15:49:11 | 001,065,984 | ---- | C] () -- C:\Users\***\AppData\Local\file__0.localstorage [2013.02.15 15:48:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk [2013.02.13 14:25:17 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.08 13:04:25 | 000,089,969 | ---- | C] () -- G:\Eigene Dokumente\tausendfüssler.html [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif [2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif [2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif [2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif [2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif [2013.01.29 18:31:36 | 000,000,905 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif [2013.01.29 18:31:35 | 000,002,937 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.html [2013.01.29 18:18:35 | 000,030,720 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.pdf [2013.01.29 17:59:11 | 000,004,472 | ---- | C] () -- G:\Eigene Dokumente\testdatabase.odb [2012.12.22 16:46:13 | 001,882,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.05 16:04:12 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll [2012.11.13 17:49:35 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.11.11 14:06:43 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.01.19 13:42:42 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.02.2013 22:24:09 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
7.92 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.77% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 153.76 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.21 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 110.75 Gb Free Space | 38.46% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Computer Name: ***S-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0156CC-1BD5-4338-8F5C-C469531C072E}" = lport=138 | protocol=17 | dir=in | app=system |
"{0EF64744-4ECA-401B-B42A-20D951EDFE60}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CFC6199-04DC-4E26-BFD5-F9A451454C35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FFCFFFA-B51B-4E47-9143-310E543479B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21AF5A53-AED0-4465-995A-E85BF2CEEF49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E730B60-5FA6-4C84-9435-AD59CC1905EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3415F9CA-F65A-4BF8-8B44-A1C6F0CD78C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{386F563D-83A2-4CEE-8E16-848222850A73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DEC5D15-A115-4008-B985-0440CA21843F}" = lport=445 | protocol=6 | dir=in | app=system |
"{4A75EC33-9AAC-4EAE-B7E1-E96F2F30D9EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5555CAC0-C4A8-4DB0-A0E3-67354B86B1F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79A1A42E-24A4-43EC-9E72-FC627758E1AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{88BAE950-47A4-499C-9171-5C55044665C0}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{8B42C9CD-8B93-4D84-AE02-1B6E30924D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90152997-E307-43FF-BB7C-FDD4430138AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{970FB209-4424-4484-8CB0-BE5C8950F8E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{A34B0D0C-5D39-4899-B33E-42B9CFC665CD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C370217D-7437-453A-9812-8ACC2FA91CC6}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB7633F0-BCF9-49E4-A831-152DF9F80AF4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6383789-04EB-41E1-A1FA-FCC5F0D26CC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F750C3F1-ACCF-4184-9AE8-CCC75B30C080}" = rport=137 | protocol=17 | dir=out | app=system |
"{FFB8DC12-2194-4F4E-A4AC-6DC77A451390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0400CD16-0A01-408D-B0AA-12C7C1A0CCBA}" = dir=out | name=search.ch |
"{06F404EB-463A-4A33-AB1D-DCE2FD53BDE6}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe |
"{0A99520E-DA62-4515-BA1B-B43ED06DC302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F656C5A-7536-479C-9A6E-61F03C17579B}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{14256438-6A95-4382-B3CF-AF2273C11C98}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{165147DB-B144-4EBE-BA4B-DCC746632824}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{168A0286-B960-4CE8-AC60-5BA19DD6ACB7}" = dir=out | name=onenote |
"{16D13CFD-DFFC-4C5B-8E5A-6EAC118E33AE}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{17E14C19-F914-4DE2-9393-E3A586C36341}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1DD746C2-7DCA-40AD-ADCC-F81AE3CA643E}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{2088B70E-3BDA-4D43-816C-5607B36A9C51}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe |
"{28ECFE5F-687C-4591-B47D-6AD1D53BD583}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2A888A1D-A5D0-4C97-AF38-C233AC1D6884}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BF66853-9ED6-40BE-A564-5F9CE0700420}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe |
"{2D26DAF6-9A8A-4CDB-B018-FF56D8DD98F0}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{2E1CC82F-E270-4DD3-8C92-0A7BA64367CA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3056B10A-76B4-4AC4-91BE-B5AD3CBF293A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{30E6473C-1B7D-48F2-9CA7-E91D1FEAEB5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{314BB11D-8144-4CB6-9D4C-D33877D72EAA}" = dir=out | name=@{pons.wrterbuch_1.4.0.39_neutral__sj9sp7dbkxx8m?ms-resource://pons.wrterbuch/resources/display_name} |
"{320DC909-24AA-4551-A3D5-E8EC55B78374}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"{35CEA768-DE42-48E3-BA87-247CC0B31BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{387E2009-B01D-4452-B935-C7D289C277A3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{3C5240AD-5811-410C-B1A6-2AA9415E994B}" = dir=out | name=lightning timer |
"{3FF31916-DAC9-4888-86D7-E9E4DE8CB359}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{446B51CA-7D4E-4A0A-A46B-60CB1FD84DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{44C5BCD1-B306-45FA-A961-69FBF4E185B8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{48F9BDBF-5FC1-4D8C-9B04-7C1E4F7E0E71}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{49808C1C-1829-4E4E-9A62-4CA5C1F6D6F7}" = dir=in | name=onenote |
"{49CD620D-C63F-4038-B5AF-771AA94F78B8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4E6BC844-3A54-4A78-AE69-309588223886}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{517E1212-2CF4-47A2-A83C-5160AD6D871A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5875A9A6-7EC0-4B5C-A18F-BDD7E9BEBD73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4CC1A3-D854-4250-B919-A952256EDAB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA00D3E-1CDF-4E06-ABFA-A2E5AFA49612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{634247FB-1EC8-48E5-B0B6-33327573F68A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{659B81FA-3A44-4FD3-ABFF-0598D8F36E27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65AAA41C-097A-418B-8A69-6534837FA1AD}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{6D83B832-1F0F-4C71-9279-A974EBCAC090}" = dir=out | name=tagi-news |
"{6FE701B5-A4B4-450C-BDAE-C897CE641593}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe |
"{7189BFF9-F7AE-4333-A629-64536842024F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D6A703E-A22A-432C-B20F-381C615419CC}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{7DDC3E75-AFFF-4CBE-806A-0164FA589AE4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{7FB905C2-5F4C-46BD-8029-7A3609D79027}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F52B9D-1BEB-4042-BFCF-88BD6A7F4095}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8824C4B1-5428-4E01-91E9-BF81C754A718}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8B5F35D9-608F-4E7A-9430-CDDDC58B8AAA}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{8C0377A9-66D9-4A42-92D1-F7AB5050E569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E0D2484-391F-4A89-B6E2-0875E5758334}" = dir=out | name=canon inkjet print utility |
"{92F75B6D-62FF-4324-A93C-6CE3FA7587D9}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe |
"{9D14D3DF-C15A-4464-9849-6BC8280442D0}" = dir=out | name=wikipedia |
"{A36B9A79-6E03-45DD-9427-2501A81DF464}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AB0F63B6-8F3C-4EE8-B83F-F0B867BF56DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AFDEC594-1189-4BA6-8E06-BAE4CB1B0A49}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B08F5149-5703-44E8-ADD3-A827CD5109BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B3012288-6DD3-4461-A5E2-6FA2D8ED4123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B47B43B6-7A04-4B31-B0BF-3F4EEFC215A8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{C4DC9694-3E66-4BB4-9346-B74712554E66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBC25E8D-8CD4-436E-A092-E7A2C0D16297}" = protocol=6 | dir=out | app=system |
"{CBD8AB40-B882-4569-9380-32288A1EBA70}" = dir=out | name=zattoo live tv |
"{CF6655A1-A111-459D-A416-DAB5161D39BB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DBA526E9-8CFA-4BB8-BB40-1AC639239BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD9569C1-84CA-403F-AD90-523303C4B042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E02041B5-E708-480A-9F78-087623E07D99}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe |
"{E32543DF-DB41-4373-B396-FEBE391D0388}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EFA5CAB9-F92B-4762-8460-DD2E57AFF7FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4B50D65-9E75-471D-9BC6-27352A3B1C29}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"{FA78BCFA-AD28-4BCE-873E-16408A168043}" = dir=out | name=swiss phone book |
"{FD62C578-04BE-45C9-8FD7-DCC9D1F4F15F}" = dir=out | name=cut the rope |
"{FF51A4FD-51A6-4A9E-8993-902212BEE34B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFC0BEF7-CB3C-4995-83FD-556C27828141}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"TCP Query User{0B02FC0E-D50F-4D2B-84F0-7D107CF8147B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{1D4FBF0C-19D2-4678-AFF3-1668D38656CE}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{294DCE27-7DE2-4077-93F5-55C96F53C455}D:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{323CC57D-7D93-45C6-880E-503C60E5D4BC}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"TCP Query User{51A64849-E672-4A7A-8B54-9F57AADE27CB}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C766B9F0-754D-48E3-950F-885ECB377E87}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{14339A0C-C842-4264-A19F-656479B72EFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1452CF19-620F-4C7C-B532-457371C4EB47}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{33B95583-DBCD-4CD4-B3EC-1ED7A7568654}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"UDP Query User{404C5273-7161-4575-B48C-A336697E4E84}D:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{82E71039-E722-430E-AF4A-0191F7EB5FA5}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DD548ADC-FDCC-4C0A-A9FE-F9217A8D17C9}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}" = PlayReady PC Runtime amd64
"{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64)
"{4DD6FB52-0704-4B46-B74E-8010084F33FC}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client
"{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU
"{988D34CA-25EC-3FDD-95E9-04EE09BC2C85}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A0D450C6-07C4-40C7-8D2B-840565E91987}" = Spamihilator 1.5.0 (64-Bit)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AB980FC0-2070-43DC-A985-2B1F8F7852F1}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC- DEU
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BF58CE95-2DDC-3EE3-A538-71A7646B0EBE}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64)
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{ED1EBD88-D341-321A-BB22-52D7E703E316}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Stellarium_is1" = Stellarium 0.11.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{094D6E27-97CC-447E-8660-56F75CFC1E00}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" = Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{247a1070-c6e4-426b-af1d-5c7942d3ee06}" = Remotetools für Visual Studio 2012 RC
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}" = Spamihilator 1.5.0 (32-Bit)
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2ED1FE3E-B0C5-3990-A966-3B3999F63B38}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66efbe1c-fcf5-4623-93f6-1ae2445aff93}" = Microsoft Visual Studio Professional 2012
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A79E320-5BCA-4A0F-A83B-D2D9783C7D53}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E8AC67A8-BC7D-4541-A13E-88F6DD2AB3DB}" = Microsoft Visual Studio 2012-Vorbereitung
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"6753-7911-9438-6061" = Private Tax 2012 2.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"FreePDF_XP" = FreePDF (Remove only)
"LyX2051" = LyX 2.0.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Star Trek Online" = Star Trek Online
"TeamViewer 7" = TeamViewer 7
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 24.02.2013 17:14:05 | Computer Name = ***s-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::OnTaskbarCreated File: .\mainfrm.cpp Line: 639
Invoked
Function: redisplayIcon Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 24.02.2013 17:20:11 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 24.02.2013 17:21:01 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked
Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009)
Description:
CVCCONFIG_ERROR_UNEXPECTED
Error - 24.02.2013 17:21:20 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ System Events ]
Error - 24.02.2013 17:19:01 | Computer Name = ***s-PC | Source = DCOM | ID = 10010
Description =
Error - 24.02.2013 17:19:31 | Computer Name = ***s-PC | Source = DCOM | ID = 10010
Description =
Error - 24.02.2013 17:20:01 | Computer Name = ***s-PC | Source = DCOM | ID = 10010
Description =
Error - 24.02.2013 17:21:00 | Computer Name = ***s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
PST Geändert von pst (24.02.2013 um 22:54 Uhr) |
|
24.02.2013, 22:58
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.02.2013, 20:38
| #11 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo Cosinus Hier die Resultate der Auswertungen: 1. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.25.05 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16484 *** :: ***-PC [Administrator] 25.02.2013 14:10:43 mbam-log-2013-02-25 (14-10-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228202 Laufzeit: 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33d3a2ab9b90c740984bda2d44904195
# engine=13237
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-25 05:47:04
# local_time=2013-02-25 06:47:04 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 21418 1056430 14208 0
# compatibility_mode=5893 16776574 100 94 1114905 18544336 0 0
# scanned=783163
# found=5
# cleaned=0
# scan_time=16140
sh=52B652A736EB57AF2A265F20CD02E3F09C19DD02 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="D:\Users\*** ***\AppData\Local\Temp\OptimizerPro_new.zip"
sh=415788A0C3A0C0AEFFE5DC2707F00D56BC10FC86 ft=1 fh=9a01efc3b7a794b4 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="D:\Users\*** ***\AppData\Local\Temp\1606e1353324abdcd295dfd1d5956201\OptimizerPro.exe"
sh=F9AF9DCECF65A61C57BC093D7DD43FCA305940D4 ft=1 fh=3db5a627af2823b3 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="D:\Windows\Temp\RegistryOptimizer.exe"
sh=A55453E998802CAD1F5F12778F4F322078CA923C ft=0 fh=0000000000000000 vn="probably a variant of Win32/PSW.IM.FJHTMND trojan" ac=I fn="G:\Marketing\Affiliate\giveaway\47videos_resale (2).zip"
sh=A55453E998802CAD1F5F12778F4F322078CA923C ft=0 fh=0000000000000000 vn="probably a variant of Win32/PSW.IM.FJHTMND trojan" ac=I fn="G:\Marketing\Affiliate\giveaway\47videos_resale.zip"
Vielen Dank für die bisherige Unterstützung und mit freundlichen Grüssen PST |
|
26.02.2013, 00:35
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Nur Funde in Temp. Außerdem in Laufwerk G, war das ne externe Platte zum Zeitpunkt des Scans mit ESET?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.02.2013, 09:09
| #13 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo Cosinus Nein G:\ ist keine extra Platte. Die ist fix eingebaut und darauf sind meine Daten gespeichert (vom System getrennt). Beim Scan habe ich alle externen Platten entfernt, nur eine Speicherkarte bzw. ein USB Stick (da bin ich mir nicht mehr sicher) war kurzfristig eingesteckt (die wurde aber vom Scan nicht erfasst). Was muss ich mit den Funden im Temp machen? Mit freundlichen Grüssen PST |
|
26.02.2013, 11:07
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Naja im Prinzip ist es für das System auch völlig latte ob G ein Speicherort einer internen oder externen Platte ist. Zu den Temps: Bitte TFC anwenden TFC - Temp File Cleaner Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.02.2013, 20:10
| #15 |
| | HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Hallo Cosinus Soweit ich das beurteilen kann müsste jetzt alles sauber sein/habe ich keine Probleme mehr. Vielen Dank für deine Unterstützung und Tips.  mit freundlichen Grüssen PST |
|
| Themen zu HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b |
| adblock, antivirus, application/pdf:, autorun, avira, bho, canon, computer, datei anhängen, down, error, festplatte, firefox, google, helper, homepage, hängen, iexplore.exe, install.exe, lightning, logfile, mozilla, ntdll.dll, nvidia update, object, plug-in, realtek, recycle.bin, registry, richtlinie, scan, security, spotify web helper, svchost.exe, taskmanager, tracker, virustotal.com, visual studio, warnung, windows |
Linear-Darstellung
