| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: betroffen von adserverplus.com und hält sich hartäckigWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.03.2013, 08:47
| #1 |
 |  betroffen von adserverplus.com und hält sich hartäckig Hallo mein Rechner wurde "Adserverplus.com" Trojaner / Virus befallen und brauche Unterstützung um das Ding zu beseitigen. Irgendwie bekomme ich es nicht hin.  Ich muss mir das Ding eingefangen haben, als ich auf ein Update von skype aufmerksam gemacht wurde. Nach Ausführung wurde mir sämtliches zusätzliches Zeug zum Download angeboten, was ich abgelehnt habe. Aber irgendwie war das schon zu spät. Möglicherweise kann es auch schon vorher passiert sein. Ich habe Malwarebytes installiert und durchlaufen lassen. Das Programm hat einiges gefunden: 16.03.2013 10:08:30 mbam-log-2013-03-16 (10-08-30).txt Infizierte Dateien: 1 G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt. 16.03.2013 14:05:11 mbam-log-2013-03-16 (14-05-11).txt Infizierte Dateien: 2 G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Keine Aktion durchgeführt. G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\CCleaner Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. 17.03.2013 08:33:33 mbam-log-2013-03-17 (08-33-33).txt Infizierte Dateien: 1 G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt. aswMBR habe ich auch durchlaufen lassen und entsprechende Log-Datei angehängt. Ebenso die Log-Datei von OTL liegt bei. Das Programm adwcleaner findet nichts. Danke für Eure Hilfe! Als Virenschutz läuft GDATA AntiVirus 2013 Geändert von Nr45 (18.03.2013 um 09:04 Uhr) |
|
18.03.2013, 12:51
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | betroffen von adserverplus.com und hält sich hartäckig Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
18.03.2013, 13:10
| #3 |
| | betroffen von adserverplus.com und hält sich hartäckig Hallo
__________________das mit dem Code wurde mir erst später klar. Pardon. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wolff :: CAD [Administrator] Schutz: Aktiviert 16.03.2013 10:08:30 mbam-log-2013-03-16 (10-08-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 261377 Laufzeit: 1 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Installer\{D7926497-E476-489B-B4E9-DBFCA45483A2}\IconD79264971.bmp (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wolff :: CAD [Administrator] Schutz: Aktiviert 16.03.2013 14:05:11 mbam-log-2013-03-16 (14-05-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 766570 Laufzeit: 1 Stunde(n), 13 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Keine Aktion durchgeführt. G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\CCleaner Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wolff :: CAD [Administrator] Schutz: Aktiviert 17.03.2013 08:33:33 mbam-log-2013-03-17 (08-33-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 766611 Laufzeit: 1 Stunde(n), 9 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-18 07:51:15
-----------------------------
07:51:15.775 OS Version: Windows x64 6.1.7601 Service Pack 1
07:51:15.776 Number of processors: 4 586 0x3A09
07:51:15.776 ComputerName: CAD UserName:
07:51:16.083 Initialize success
07:51:21.941 AVAST engine defs: 13031701
07:51:23.436 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
07:51:23.437 Disk 0 Vendor: MAXTOR_STM3500320AS MX15 Size: 476940MB BusType: 11
07:51:23.512 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
07:51:23.513 Disk 1 Vendor: SanDisk_SDSSDX120GG25 R112 Size: 114473MB BusType: 11
07:51:23.591 Disk 1 MBR read successfully
07:51:23.593 Disk 1 MBR scan
07:51:23.597 Disk 1 Windows 7 default MBR code
07:51:23.598 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:51:23.604 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
07:51:23.652 Disk 1 scanning C:\Windows\system32\drivers
07:51:32.230 Service scanning
07:51:39.610 Modules scanning
07:51:39.618 Disk 1 trace - called modules:
07:51:39.629 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:51:39.635 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006f02060]
07:51:39.638 3 CLASSPNP.SYS[fffff8800191a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800694f060]
07:51:39.965 AVAST engine scan C:\Windows
07:51:43.970 AVAST engine scan C:\Windows\system32
07:53:52.015 AVAST engine scan C:\Windows\system32\drivers
07:53:55.880 AVAST engine scan C:\Users\Wolff
07:54:52.394 AVAST engine scan C:\ProgramData
07:55:14.183 Scan finished successfully
07:59:47.058 Disk 1 MBR has been saved successfully to "C:\Users\Wolff\Desktop\System\entferner\MBR.dat"
07:59:47.061 The log file has been saved successfully to "C:\Users\Wolff\Desktop\System\entferner\aswMBR_3_komplett.txt"
Code:
ATTFilter OTL logfile created on: 18.03.2013 08:34:17 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolff\Desktop\System\entferner 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,47% Memory free 15,97 Gb Paging File | 12,24 Gb Available in Paging File | 76,66% Paging File free Paging file location(s): f:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 39,32 Gb Free Space | 35,20% Space Free | Partition Type: NTFS Drive F: | 107,42 Gb Total Space | 45,76 Gb Free Space | 42,59% Space Free | Partition Type: NTFS Drive G: | 358,33 Gb Total Space | 118,32 Gb Free Space | 33,02% Space Free | Partition Type: NTFS Computer Name: CAD | User Name: Wolff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.02.21 19:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wolff\Desktop\System\entferner\OTL.exe PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2013.01.18 16:57:35 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2012.04.03 10:14:10 | 006,082,560 | ---- | M] (Visagesoft) -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe PRC - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.03.19 14:10:42 | 000,169,984 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe PRC - [2011.12.23 16:26:44 | 000,347,792 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe PRC - [2011.12.10 21:12:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.01 09:27:00 | 010,200,240 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe PRC - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2010.12.23 11:08:47 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.09.12 16:32:22 | 001,416,504 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- C:\Program Files (x86)\FreeCommander\FreeCommander.exe PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009.12.15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.09.25 21:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2005.05.03 23:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe ========== Modules (No Company Name) ========== MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll MOD - [2013.02.14 09:16:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll MOD - [2013.02.14 09:06:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 07:42:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 07:42:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 07:41:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 07:41:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 07:41:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 07:41:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.04.02 18:36:36 | 004,680,704 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfcore160.bpl MOD - [2012.04.02 18:36:36 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfeditor160.bpl MOD - [2012.04.02 18:36:36 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\expertpdfcore160.bpl MOD - [2012.04.02 18:36:34 | 002,672,640 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsvector160.bpl MOD - [2012.04.02 18:36:34 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsprinters160.bpl MOD - [2012.04.02 18:36:34 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprinter160.bpl MOD - [2012.04.02 18:36:32 | 002,693,120 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\BBlite160.bpl MOD - [2012.04.02 18:36:32 | 002,253,824 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\PKIECtrl160.bpl MOD - [2012.04.02 18:36:32 | 001,186,816 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\TMSlite160.bpl MOD - [2012.04.02 18:36:32 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspropsaver160.bpl MOD - [2012.03.19 14:10:12 | 001,278,976 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPI.dll MOD - [2012.02.23 15:11:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vstrees160.bpl MOD - [2011.10.05 09:32:28 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll MOD - [2011.09.30 18:10:22 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\js32.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.12.15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.12.15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.11 11:22:08 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.12 21:29:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.08 19:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2013.01.18 16:57:35 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.09.28 18:52:44 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.09.25 14:56:37 | 000,301,760 | ---- | M] () [Auto | Running] -- C:\Programme\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe) SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.12.10 21:12:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.12.23 11:08:47 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.05.03 23:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe -- (MSSQL$SIBBAUWERKE) SRV - [2005.05.03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL$SIBBAUWERKE\Binn\sqlagent.EXE -- (SQLAgent$SIBBAUWERKE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.11 11:22:08 | 000,331,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock) DRV:64bit: - [2013.02.11 11:22:08 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2013.02.11 11:22:06 | 000,303,304 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2013.02.11 11:22:06 | 000,141,256 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2013.02.11 11:22:06 | 000,090,056 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2013.02.11 11:22:06 | 000,063,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2013.01.22 17:08:56 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror) DRV:64bit: - [2013.01.10 21:43:58 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.10 21:43:57 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.10 21:43:57 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.01.10 21:43:57 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.01.10 21:43:57 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.01.03 09:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 09:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.10.03 08:55:13 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.03 14:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.09.25 21:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.09.25 21:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.idea.de/startseite.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 E7 B8 2F AC 0D CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\hp.com/hpePrintShare: C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL (hp) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.04 12:48:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.08 15:05:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.16 08:12:56 | 000,000,000 | ---D | M] [2013.02.08 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Wolff\AppData\Roaming\Mozilla\plugins\npatgpc.dll CHR - plugin: hp ePrint&Share (Enabled) = C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Logitech SetPoint = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\ CHR - Extension: Google Mail = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Auto Lyrics = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Heleni Uploader] C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MBoxUtil Clean] C:\Program Files (x86)\KONICA MINOLTA\BOX Utility\BoxUtil.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SfWinStartInfo] C:\Program Files (x86)\SFirm32\sfWinStartupInfo.exe (BIVG Hannover) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKCU..\Run: [neoSearch] C:\Users\Wolff\AppData\Roaming\KoshyJohn.com\neoSearch\neoSearch.exe (KoshyJohn.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E97791-E79B-461C-8829-74443A2FEB33}: NameServer = 192.168.137.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.15 12:22:57 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\starter.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 09:59:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.17 09:59:08 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.17 07:06:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.16 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\Malwarebytes [2013.03.16 10:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 10:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.16 10:07:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.16 10:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.16 08:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics [2013.03.13 21:08:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 21:08:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 21:08:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 21:08:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 21:08:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 21:08:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 21:08:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 21:08:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 21:08:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 21:08:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 21:08:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 21:08:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 21:08:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 21:08:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 21:08:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.12 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Readiris [2013.03.12 22:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. [2013.03.12 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Readiris Pro 12 [2013.03.12 22:12:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.03.08 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Logishrd [2013.03.08 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.03.08 15:00:51 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll [2013.03.08 15:00:14 | 022,309,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.03.08 15:00:14 | 018,584,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.03.08 15:00:14 | 016,470,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.03.08 15:00:14 | 013,013,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.03.08 15:00:14 | 012,010,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.03.08 15:00:14 | 007,132,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.03.08 15:00:14 | 006,561,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.03.08 15:00:14 | 005,306,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.03.08 15:00:14 | 002,946,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.03.08 15:00:14 | 002,806,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.03.08 15:00:14 | 002,344,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.03.08 15:00:14 | 002,215,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.03.08 15:00:14 | 002,084,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.03.08 15:00:14 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.03.08 15:00:14 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.03.07 12:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir [2013.03.07 07:58:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 07:58:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 07:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.06 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\HEITKER [2013.03.04 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Wondershare PDF to Word [2013.03.02 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\UltraVNC [2013.03.02 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC [2013.03.02 10:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\uvnc bvba [2013.03.01 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.27 18:00:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 18:00:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 18:00:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 18:00:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 17:59:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 17:59:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 17:59:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 17:59:58 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 17:59:58 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 17:59:58 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 17:59:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 17:59:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 17:59:58 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 17:59:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 17:59:58 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 17:59:57 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 17:59:57 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 17:59:57 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 17:59:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 17:59:57 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 17:59:57 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 17:59:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 17:59:57 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.23 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.thumbnails [2013.02.23 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\fontconfig [2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\gegl-0.2 [2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.gimp-2.8 [2013.02.23 16:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.02.23 10:16:09 | 000,026,112 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\vncmirror.dll [2013.02.23 10:16:09 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys [2013.02.22 12:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.02.22 12:37:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.02.22 12:37:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.02.22 12:37:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.02.22 12:37:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.02.22 12:37:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.02.22 12:37:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.02.22 12:37:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.02.22 12:37:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.02.22 12:37:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.02.22 12:37:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.02.22 12:37:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.02.22 12:37:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.02.22 12:37:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.02.22 12:37:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.02.22 12:37:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.02.22 12:37:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.02.22 12:37:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.02.22 12:37:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.02.22 12:37:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.02.22 12:37:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.02.22 12:37:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.02.22 12:37:44 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.02.22 12:37:36 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.02.22 12:33:18 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\XnView [2013.02.22 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Secunia PSI [2013.02.22 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.02.21 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.02.20 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.20 12:11:52 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.20 12:11:52 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.18 08:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.18 08:03:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job [2013.03.18 07:42:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.18 07:42:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.18 06:58:53 | 001,011,756 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.03.18 06:58:53 | 000,053,051 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.03.18 06:53:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.18 03:23:20 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 03:23:20 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 03:20:35 | 001,704,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.18 03:20:35 | 000,732,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 03:20:35 | 000,679,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 03:20:35 | 000,164,332 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 03:20:35 | 000,133,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 03:16:08 | 2121,637,887 | -HS- | M] () -- C:\hiberfil.sys [2013.03.16 10:07:40 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 09:19:58 | 000,000,216 | ---- | M] () -- C:\Users\Wolff\defogger_reenable [2013.03.14 17:43:32 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.13 18:10:57 | 000,125,420 | ---- | M] () -- C:\Users\Wolff\Documents\Readiris.DUS [2013.03.13 09:58:45 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV24.dll [2013.03.12 22:13:22 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk [2013.03.12 22:13:22 | 000,000,150 | ---- | M] () -- C:\Windows\Readiris.ini [2013.03.12 21:29:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 21:29:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 08:29:35 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV14.dll [2013.03.11 19:07:02 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk [2013.03.08 15:05:46 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.03.07 12:14:29 | 000,003,652 | ---- | M] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk [2013.03.07 07:58:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.07 07:58:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.07 07:58:33 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 07:58:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.06 16:50:04 | 000,275,160 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppr4-x64.dll [2013.03.06 16:49:58 | 000,250,072 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppmon4.dll [2013.03.02 07:59:03 | 000,000,241 | ---- | M] () -- C:\Users\Wolff\Documents\ax_files.xml [2013.02.23 16:20:53 | 000,001,518 | ---- | M] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel [2013.02.22 12:33:14 | 000,001,799 | ---- | M] () -- C:\Users\Wolff\Desktop\XnView.lnk [2013.02.22 12:32:22 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk [2013.02.22 12:31:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.22 12:29:36 | 000,001,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.02.22 10:52:13 | 000,001,168 | ---- | M] () -- C:\Users\Wolff\Desktop\PC-Adreßzz! 7.x.LNK [2013.02.22 10:50:09 | 000,001,197 | ---- | M] () -- C:\Users\Wolff\Desktop\Safer Mail 6.x.LNK [2013.02.21 19:16:13 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.02.20 20:07:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.19 09:06:25 | 000,000,243 | ---- | M] () -- C:\Users\Wolff\Documents\acad.err [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.16 10:07:40 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 09:19:58 | 000,000,216 | ---- | C] () -- C:\Users\Wolff\defogger_reenable [2013.03.16 08:12:58 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Auto Lyrics Update.job [2013.03.13 18:03:10 | 000,125,420 | ---- | C] () -- C:\Users\Wolff\Documents\Readiris.DUS [2013.03.12 22:13:22 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk [2013.03.12 22:13:22 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini [2013.03.11 19:07:07 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV24.dll [2013.03.11 19:07:02 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk [2013.03.07 12:14:29 | 000,003,652 | ---- | C] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk [2013.02.23 16:20:53 | 000,001,518 | ---- | C] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel [2013.02.23 16:04:13 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.02.22 12:33:14 | 000,001,799 | ---- | C] () -- C:\Users\Wolff\Desktop\XnView.lnk [2013.02.22 12:29:36 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.02.22 12:29:36 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.02.21 19:28:02 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.02.21 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.02.20 12:11:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.19 09:06:25 | 000,000,243 | ---- | C] () -- C:\Users\Wolff\Documents\acad.err [2013.02.02 19:05:31 | 000,004,608 | ---- | C] () -- C:\Users\Wolff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.13 16:43:42 | 000,700,365 | ---- | C] () -- C:\Windows\unins000.exe [2012.10.13 16:43:42 | 000,032,607 | ---- | C] () -- C:\Windows\unins000.dat [2012.10.03 09:55:25 | 000,007,143 | ---- | C] () -- C:\Windows\Rohre.ini [2012.10.03 09:07:58 | 001,511,936 | ---- | C] () -- C:\Windows\SysWow64\Vdk200.dll [2012.10.03 09:07:58 | 001,121,280 | ---- | C] () -- C:\Windows\SysWow64\flt_pdf.dll [2012.10.03 09:07:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\vgw_url.dll [2012.10.03 09:07:58 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\flt_rec.dll [2012.10.03 09:07:58 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\flt_kv.dll [2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_tofl.dll [2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_meta.dll [2012.10.03 09:07:58 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\flt_tobf.dll [2012.10.03 09:07:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\utf7.dll [2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\utf8.dll [2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\unicode.dll [2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\europa3.dll [2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XTree.ini [2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XSearch.ini [2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XIndex.ini [2012.10.01 12:27:42 | 000,000,221 | ---- | C] () -- C:\Windows\espia.ini [2012.10.01 12:22:24 | 000,000,353 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.10.01 12:20:25 | 000,000,227 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.01 10:51:30 | 000,000,093 | ---- | C] () -- C:\Users\Wolff\AppData\Local\fusioncache.dat [2012.09.29 14:18:02 | 001,011,756 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.28 20:00:06 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV14.dll [2012.09.28 19:31:53 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\moyocore.dll [2012.09.28 19:31:24 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll [2012.09.28 19:31:24 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll [2012.09.28 19:31:24 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll [2012.09.28 19:13:45 | 000,000,397 | ---- | C] () -- C:\Windows\BoxUtil.INI [2012.09.28 19:13:45 | 000,000,171 | ---- | C] () -- C:\Windows\MBoxWin.ini [2012.09.28 18:48:19 | 001,684,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.25 12:00:33 | 000,039,049 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.09.25 11:57:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.09.25 11:57:41 | 000,028,702 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.12.10 21:12:58 | 000,307,008 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.06.08 08:44:04 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
18.03.2013, 13:13
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | betroffen von adserverplus.com und hält sich hartäckigZitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.03.2013, 13:17
| #5 |
| | betroffen von adserverplus.com und hält sich hartäckig Ich bin Freiberufler und kümmere mich mehr oder weniger um meine Hardware selbst. |
|
18.03.2013, 13:19
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | betroffen von adserverplus.com und hält sich hartäckig Ok, ich poste den Hinweis trotzdem mal: Zitat:
Gelesen und verstanden? es geht hauptsächlich um den in fetten, rotfarbenen Text in der o.g. Zitatbox.
__________________ --> betroffen von adserverplus.com und hält sich hartäckig |
|
18.03.2013, 13:27
| #7 |
| | betroffen von adserverplus.com und hält sich hartäckig Den rotfarbenen Text hab ich gelesen. |
|
18.03.2013, 13:54
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | betroffen von adserverplus.com und hält sich hartäckig Und die Konsquenz ist dir klar? Wie willst du jetzt weitermachen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.03.2013, 16:10
| #9 |
| | betroffen von adserverplus.com und hält sich hartäckig ich speichere grundsätzlich keine Passwörter auf der Festplatte. Die Daten sind alle im Netz gespeichert. Das Bankenprogramm kann ich notfalls deinstallieren. Eine Datensicherung ist vorhanden. Ich habe keine Lust 2 Tage lang wieder den Rechner neu zu installieren. Wo liegen da noch Risiken? |
|
18.03.2013, 16:12
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | betroffen von adserverplus.com und hält sich hartäckigZitat:
 ich hab es doch extra in dicker Rotschrift vorhin hervorgehoben  Edit: Egal, machen wir mal weiter. GMER und aswMBR hast du ja schon ausgeführt...  Weiter geht mit MBAR und dem TDSS-Killer MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten Geändert von cosinus (18.03.2013 um 16:19 Uhr) |
|
18.03.2013, 16:59
| #11 |
| | betroffen von adserverplus.com und hält sich hartäckig Nach dem Starten der mbar.exe erscheint folgendes: "AppInit_Dlls" gefunden, verursacht möglicherweise Rootkit activity Was ist zu tun löschen oder erstmal übergehen? |
|
18.03.2013, 17:00
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | betroffen von adserverplus.com und hält sich hartäckig Da bitte auf nein klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.03.2013, 17:21
| #13 |
| | betroffen von adserverplus.com und hält sich hartäckig Malwarebytes Anti-Rootkit BETA 1.01.0.1021 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolff :: CAD [administrator]
18.03.2013 17:11:17
mbar-log-2013-03-18 (17-11-17).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31126
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 17:13:27.0836 4644 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:13:27.0945 4644 ============================================================
17:13:27.0945 4644 Current date / time: 2013/03/18 17:13:27.0945
17:13:27.0945 4644 SystemInfo:
17:13:27.0945 4644
17:13:27.0945 4644 OS Version: 6.1.7601 ServicePack: 1.0
17:13:27.0945 4644 Product type: Workstation
17:13:27.0945 4644 ComputerName: CAD
17:13:27.0945 4644 UserName: Wolff
17:13:27.0945 4644 Windows directory: C:\Windows
17:13:27.0945 4644 System windows directory: C:\Windows
17:13:27.0945 4644 Running under WOW64
17:13:27.0945 4644 Processor architecture: Intel x64
17:13:27.0945 4644 Number of processors: 4
17:13:27.0945 4644 Page size: 0x1000
17:13:27.0945 4644 Boot type: Normal boot
17:13:27.0945 4644 ============================================================
17:13:28.0155 4644 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:28.0165 4644 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:28.0226 4644 ============================================================
17:13:28.0226 4644 \Device\Harddisk1\DR1:
17:13:28.0228 4644 MBR partitions:
17:13:28.0228 4644 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:13:28.0228 4644 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
17:13:28.0228 4644 \Device\Harddisk0\DR0:
17:13:28.0228 4644 MBR partitions:
17:13:28.0228 4644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD6D7DC8
17:13:28.0241 4644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD6D7E46, BlocksNum 0x2CCA8F3A
17:13:28.0241 4644 ============================================================
17:13:28.0243 4644 C: <-> \Device\Harddisk1\DR1\Partition2
17:13:28.0270 4644 F: <-> \Device\Harddisk0\DR0\Partition1
17:13:28.0294 4644 G: <-> \Device\Harddisk0\DR0\Partition2
17:13:28.0294 4644 ============================================================
17:13:28.0294 4644 Initialize success
17:13:28.0294 4644 ============================================================
17:14:36.0820 6484 ============================================================
17:14:36.0820 6484 Scan started
17:14:36.0820 6484 Mode: Manual; SigCheck; TDLFS;
17:14:36.0820 6484 ============================================================
17:14:37.0065 6484 ================ Scan system memory ========================
17:14:37.0065 6484 System memory - ok
17:14:37.0065 6484 ================ Scan services =============================
17:14:37.0108 6484 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:14:37.0187 6484 1394ohci - ok
17:14:37.0192 6484 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:14:37.0204 6484 ACPI - ok
17:14:37.0206 6484 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:14:37.0225 6484 AcpiPmi - ok
17:14:37.0230 6484 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:14:37.0239 6484 AdobeARMservice - ok
17:14:37.0263 6484 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:14:37.0273 6484 AdobeFlashPlayerUpdateSvc - ok
17:14:37.0279 6484 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:14:37.0292 6484 adp94xx - ok
17:14:37.0297 6484 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:14:37.0307 6484 adpahci - ok
17:14:37.0311 6484 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:14:37.0321 6484 adpu320 - ok
17:14:37.0324 6484 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:14:37.0374 6484 AeLookupSvc - ok
17:14:37.0380 6484 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:14:37.0394 6484 AFD - ok
17:14:37.0396 6484 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:14:37.0404 6484 agp440 - ok
17:14:37.0407 6484 [ DB262BADD56D97652D5E726B7C2ED9DF ] aksdf C:\Windows\system32\DRIVERS\aksdf.sys
17:14:37.0416 6484 aksdf - ok
17:14:37.0419 6484 [ 2658A412543113E8A8D34DF6CCC7D7E7 ] aksfridge C:\Windows\system32\DRIVERS\aksfridge.sys
17:14:37.0427 6484 aksfridge - ok
17:14:37.0429 6484 [ 35E43EE8FE28CFD581E8CE42847DFE2B ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
17:14:37.0437 6484 akshasp - ok
17:14:37.0439 6484 [ 053B204554F104CB5DC3D94B61BDA458 ] akshhl C:\Windows\system32\DRIVERS\akshhl.sys
17:14:37.0446 6484 akshhl - ok
17:14:37.0451 6484 [ 51982A019F66D4DFD1A6E1AF548CCFA5 ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
17:14:37.0460 6484 aksusb - ok
17:14:37.0463 6484 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:14:37.0479 6484 ALG - ok
17:14:37.0481 6484 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:14:37.0489 6484 aliide - ok
17:14:37.0491 6484 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:14:37.0499 6484 amdide - ok
17:14:37.0501 6484 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:14:37.0510 6484 AmdK8 - ok
17:14:37.0513 6484 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:14:37.0522 6484 AmdPPM - ok
17:14:37.0525 6484 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:14:37.0534 6484 amdsata - ok
17:14:37.0537 6484 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:14:37.0546 6484 amdsbs - ok
17:14:37.0549 6484 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:14:37.0556 6484 amdxata - ok
17:14:37.0559 6484 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:14:37.0609 6484 AppID - ok
17:14:37.0612 6484 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:14:37.0635 6484 AppIDSvc - ok
17:14:37.0637 6484 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:14:37.0661 6484 Appinfo - ok
17:14:37.0666 6484 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:14:37.0674 6484 Apple Mobile Device - ok
17:14:37.0678 6484 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:14:37.0691 6484 AppMgmt - ok
17:14:37.0693 6484 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:14:37.0702 6484 arc - ok
17:14:37.0705 6484 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:14:37.0714 6484 arcsas - ok
17:14:37.0726 6484 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:14:37.0735 6484 aspnet_state - ok
17:14:37.0737 6484 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:14:37.0762 6484 AsyncMac - ok
17:14:37.0764 6484 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:14:37.0772 6484 atapi - ok
17:14:37.0776 6484 [ 6C1890D62A505F3019765A83521D8416 ] atashost C:\Windows\SysWOW64\atashost.exe
17:14:37.0785 6484 atashost - ok
17:14:37.0793 6484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:14:37.0824 6484 AudioEndpointBuilder - ok
17:14:37.0831 6484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:14:37.0858 6484 AudioSrv - ok
17:14:37.0864 6484 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
17:14:37.0873 6484 Autodesk Content Service - ok
17:14:37.0889 6484 [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
17:14:37.0917 6484 AVKProxy - ok
17:14:37.0924 6484 [ 68F93849B4197243E8454E704B063F9B ] AVKService C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
17:14:37.0937 6484 AVKService - ok
17:14:37.0955 6484 [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
17:14:37.0997 6484 AVKWCtl - ok
17:14:38.0000 6484 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:14:38.0023 6484 AxInstSV - ok
17:14:38.0029 6484 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:14:38.0043 6484 b06bdrv - ok
17:14:38.0048 6484 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:14:38.0060 6484 b57nd60a - ok
17:14:38.0064 6484 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:14:38.0075 6484 BDESVC - ok
17:14:38.0077 6484 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:14:38.0101 6484 Beep - ok
17:14:38.0109 6484 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:14:38.0137 6484 BFE - ok
17:14:38.0146 6484 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:14:38.0176 6484 BITS - ok
17:14:38.0178 6484 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:14:38.0188 6484 blbdrive - ok
17:14:38.0195 6484 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:14:38.0208 6484 Bonjour Service - ok
17:14:38.0212 6484 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:14:38.0223 6484 bowser - ok
17:14:38.0225 6484 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:14:38.0237 6484 BrFiltLo - ok
17:14:38.0239 6484 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:14:38.0250 6484 BrFiltUp - ok
17:14:38.0254 6484 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:14:38.0267 6484 Browser - ok
17:14:38.0271 6484 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:14:38.0285 6484 Brserid - ok
17:14:38.0287 6484 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:14:38.0299 6484 BrSerWdm - ok
17:14:38.0301 6484 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:14:38.0312 6484 BrUsbMdm - ok
17:14:38.0315 6484 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:14:38.0325 6484 BrUsbSer - ok
17:14:38.0327 6484 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:14:38.0339 6484 BTHMODEM - ok
17:14:38.0342 6484 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:14:38.0367 6484 bthserv - ok
17:14:38.0370 6484 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:14:38.0394 6484 cdfs - ok
17:14:38.0397 6484 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:14:38.0407 6484 cdrom - ok
17:14:38.0410 6484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:14:38.0438 6484 CertPropSvc - ok
17:14:38.0441 6484 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:14:38.0453 6484 circlass - ok
17:14:38.0458 6484 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:14:38.0472 6484 CLFS - ok
17:14:38.0478 6484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:14:38.0486 6484 clr_optimization_v2.0.50727_32 - ok
17:14:38.0492 6484 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:14:38.0505 6484 clr_optimization_v2.0.50727_64 - ok
17:14:38.0513 6484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:14:38.0521 6484 clr_optimization_v4.0.30319_32 - ok
17:14:38.0524 6484 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:14:38.0534 6484 clr_optimization_v4.0.30319_64 - ok
17:14:38.0537 6484 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:14:38.0547 6484 CmBatt - ok
17:14:38.0549 6484 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:14:38.0557 6484 cmdide - ok
17:14:38.0563 6484 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
17:14:38.0580 6484 CNG - ok
17:14:38.0582 6484 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:14:38.0590 6484 Compbatt - ok
17:14:38.0592 6484 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:14:38.0604 6484 CompositeBus - ok
17:14:38.0606 6484 COMSysApp - ok
17:14:38.0609 6484 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:14:38.0617 6484 crcdisk - ok
17:14:38.0622 6484 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:14:38.0638 6484 CryptSvc - ok
17:14:38.0644 6484 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:14:38.0658 6484 CSC - ok
17:14:38.0666 6484 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:14:38.0683 6484 CscService - ok
17:14:38.0690 6484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:14:38.0716 6484 DcomLaunch - ok
17:14:38.0721 6484 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:14:38.0748 6484 defragsvc - ok
17:14:38.0751 6484 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:14:38.0775 6484 DfsC - ok
17:14:38.0780 6484 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:14:38.0794 6484 Dhcp - ok
17:14:38.0797 6484 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:14:38.0820 6484 discache - ok
17:14:38.0822 6484 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:14:38.0831 6484 Disk - ok
17:14:38.0833 6484 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
17:14:38.0844 6484 dmvsc - ok
17:14:38.0847 6484 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:14:38.0860 6484 Dnscache - ok
17:14:38.0864 6484 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:14:38.0889 6484 dot3svc - ok
17:14:38.0893 6484 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:14:38.0917 6484 DPS - ok
17:14:38.0919 6484 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:14:38.0929 6484 drmkaud - ok
17:14:38.0939 6484 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:14:38.0956 6484 DXGKrnl - ok
17:14:38.0959 6484 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:14:38.0984 6484 EapHost - ok
17:14:39.0012 6484 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:14:39.0046 6484 ebdrv - ok
17:14:39.0049 6484 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:14:39.0060 6484 EFS - ok
17:14:39.0069 6484 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:14:39.0090 6484 ehRecvr - ok
17:14:39.0092 6484 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:14:39.0103 6484 ehSched - ok
17:14:39.0110 6484 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:14:39.0123 6484 elxstor - ok
17:14:39.0125 6484 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:14:39.0134 6484 ErrDev - ok
17:14:39.0141 6484 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:14:39.0168 6484 EventSystem - ok
17:14:39.0172 6484 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:14:39.0195 6484 exfat - ok
17:14:39.0199 6484 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:14:39.0223 6484 fastfat - ok
17:14:39.0231 6484 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:14:39.0250 6484 Fax - ok
17:14:39.0253 6484 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:14:39.0262 6484 fdc - ok
17:14:39.0264 6484 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:14:39.0287 6484 fdPHost - ok
17:14:39.0289 6484 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:14:39.0314 6484 FDResPub - ok
17:14:39.0316 6484 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:14:39.0325 6484 FileInfo - ok
17:14:39.0327 6484 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:14:39.0350 6484 Filetrace - ok
17:14:39.0364 6484 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:14:39.0393 6484 FLEXnet Licensing Service 64 - ok
17:14:39.0395 6484 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:14:39.0404 6484 flpydisk - ok
17:14:39.0409 6484 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:14:39.0419 6484 FltMgr - ok
17:14:39.0431 6484 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
17:14:39.0458 6484 FontCache - ok
17:14:39.0461 6484 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:14:39.0468 6484 FontCache3.0.0.0 - ok
17:14:39.0471 6484 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:14:39.0479 6484 FsDepends - ok
17:14:39.0481 6484 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:14:39.0489 6484 Fs_Rec - ok
17:14:39.0493 6484 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:14:39.0505 6484 fvevol - ok
17:14:39.0508 6484 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:14:39.0516 6484 gagp30kx - ok
17:14:39.0519 6484 [ DEC2DEB0025548EE434C2DBA68B771BC ] GDBehave C:\Windows\system32\drivers\GDBehave.sys
17:14:39.0527 6484 GDBehave - ok
17:14:39.0530 6484 [ C91D9D7338AD7E6D0CC707828E90203F ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys
17:14:39.0538 6484 GDMnIcpt - ok
17:14:39.0541 6484 [ B6F4C60CF97E823F2874FF9FEF4CC89B ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys
17:14:39.0549 6484 GDPkIcpt - ok
17:14:39.0556 6484 [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
17:14:39.0570 6484 GDScan - ok
17:14:39.0572 6484 [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys
17:14:39.0580 6484 gdwfpcd - ok
17:14:39.0583 6484 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:14:39.0590 6484 GEARAspiWDM - ok
17:14:39.0598 6484 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:14:39.0630 6484 gpsvc - ok
17:14:39.0634 6484 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:14:39.0643 6484 gupdate - ok
17:14:39.0646 6484 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:14:39.0653 6484 gupdatem - ok
17:14:39.0658 6484 [ F63408F1F58189285DC726747E6645A1 ] Hardlock C:\Windows\system32\drivers\hardlock.sys
17:14:39.0668 6484 Hardlock - ok
17:14:39.0670 6484 hasplms - ok
17:14:39.0673 6484 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:14:39.0684 6484 hcw85cir - ok
17:14:39.0689 6484 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:14:39.0702 6484 HdAudAddService - ok
17:14:39.0705 6484 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:14:39.0717 6484 HDAudBus - ok
17:14:39.0719 6484 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:14:39.0729 6484 HidBatt - ok
17:14:39.0731 6484 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:14:39.0743 6484 HidBth - ok
17:14:39.0745 6484 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:14:39.0757 6484 HidIr - ok
17:14:39.0760 6484 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:14:39.0784 6484 hidserv - ok
17:14:39.0786 6484 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:14:39.0795 6484 HidUsb - ok
17:14:39.0799 6484 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:14:39.0824 6484 hkmsvc - ok
17:14:39.0828 6484 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:14:39.0842 6484 HomeGroupListener - ok
17:14:39.0846 6484 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:14:39.0858 6484 HomeGroupProvider - ok
17:14:39.0861 6484 [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys
17:14:39.0869 6484 HookCentre - ok
17:14:39.0872 6484 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:14:39.0880 6484 HpSAMD - ok
17:14:39.0888 6484 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:14:39.0916 6484 HTTP - ok
17:14:39.0919 6484 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:14:39.0927 6484 hwpolicy - ok
17:14:39.0930 6484 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:14:39.0940 6484 i8042prt - ok
17:14:39.0945 6484 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:14:39.0958 6484 iaStorV - ok
17:14:39.0962 6484 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:14:39.0969 6484 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:14:39.0969 6484 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:14:39.0978 6484 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:14:39.0999 6484 idsvc - ok
17:14:40.0002 6484 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:14:40.0010 6484 iirsp - ok
17:14:40.0019 6484 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:14:40.0052 6484 IKEEXT - ok
17:14:40.0095 6484 [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:14:40.0150 6484 IntcAzAudAddService - ok
17:14:40.0154 6484 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:14:40.0162 6484 intelide - ok
17:14:40.0164 6484 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:14:40.0174 6484 intelppm - ok
17:14:40.0177 6484 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:14:40.0202 6484 IPBusEnum - ok
17:14:40.0204 6484 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:14:40.0227 6484 IpFilterDriver - ok
17:14:40.0233 6484 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:14:40.0250 6484 iphlpsvc - ok
17:14:40.0253 6484 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:14:40.0262 6484 IPMIDRV - ok
17:14:40.0265 6484 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:14:40.0288 6484 IPNAT - ok
17:14:40.0295 6484 [ 44886233135241F3990724082EB104EE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:14:40.0311 6484 iPod Service - ok
17:14:40.0313 6484 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:14:40.0325 6484 IRENUM - ok
17:14:40.0327 6484 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:14:40.0335 6484 isapnp - ok
17:14:40.0339 6484 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:14:40.0350 6484 iScsiPrt - ok
17:14:40.0353 6484 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:14:40.0360 6484 kbdclass - ok
17:14:40.0362 6484 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:14:40.0371 6484 kbdhid - ok
17:14:40.0374 6484 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:14:40.0382 6484 KeyIso - ok
17:14:40.0385 6484 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:14:40.0394 6484 KSecDD - ok
17:14:40.0397 6484 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:14:40.0406 6484 KSecPkg - ok
17:14:40.0408 6484 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:14:40.0431 6484 ksthunk - ok
17:14:40.0436 6484 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:14:40.0464 6484 KtmRm - ok
17:14:40.0468 6484 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:14:40.0492 6484 LanmanServer - ok
17:14:40.0495 6484 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:14:40.0519 6484 LanmanWorkstation - ok
17:14:40.0525 6484 [ 70FB6254E29150A7A4A39FDFFD306C33 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:14:40.0539 6484 LBTServ - ok
17:14:40.0543 6484 [ 1470EF17E02E82E4F43346DF9E9F11E1 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:14:40.0551 6484 LHidFilt - ok
17:14:40.0554 6484 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:14:40.0577 6484 lltdio - ok
17:14:40.0582 6484 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:14:40.0607 6484 lltdsvc - ok
17:14:40.0609 6484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:14:40.0632 6484 lmhosts - ok
17:14:40.0634 6484 [ 12814AE119E959437BEA3110F81BD188 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:14:40.0642 6484 LMouFilt - ok
17:14:40.0646 6484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:14:40.0655 6484 LSI_FC - ok
17:14:40.0658 6484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:14:40.0666 6484 LSI_SAS - ok
17:14:40.0669 6484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:14:40.0677 6484 LSI_SAS2 - ok
17:14:40.0679 6484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:14:40.0688 6484 LSI_SCSI - ok
17:14:40.0691 6484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:14:40.0714 6484 luafv - ok
17:14:40.0717 6484 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:14:40.0724 6484 MBAMProtector - ok
17:14:40.0730 6484 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:14:40.0741 6484 MBAMScheduler - ok
17:14:40.0749 6484 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:14:40.0765 6484 MBAMService - ok
17:14:40.0768 6484 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:14:40.0780 6484 Mcx2Svc - ok
17:14:40.0782 6484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:14:40.0790 6484 megasas - ok
17:14:40.0794 6484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:14:40.0805 6484 MegaSR - ok
17:14:40.0808 6484 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:14:40.0815 6484 MEIx64 - ok
17:14:40.0818 6484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:14:40.0841 6484 MMCSS - ok
17:14:40.0844 6484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:14:40.0867 6484 Modem - ok
17:14:40.0869 6484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:14:40.0880 6484 monitor - ok
17:14:40.0883 6484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:14:40.0891 6484 mouclass - ok
17:14:40.0893 6484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:14:40.0903 6484 mouhid - ok
17:14:40.0905 6484 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:14:40.0914 6484 mountmgr - ok
17:14:40.0917 6484 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:14:40.0926 6484 mpio - ok
17:14:40.0929 6484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:14:40.0951 6484 mpsdrv - ok
17:14:40.0960 6484 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:14:40.0988 6484 MpsSvc - ok
17:14:40.0991 6484 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:14:41.0004 6484 MRxDAV - ok
17:14:41.0008 6484 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:41.0018 6484 mrxsmb - ok
17:14:41.0023 6484 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:41.0033 6484 mrxsmb10 - ok
17:14:41.0036 6484 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:41.0045 6484 mrxsmb20 - ok
17:14:41.0047 6484 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:14:41.0055 6484 msahci - ok
17:14:41.0058 6484 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:14:41.0067 6484 msdsm - ok
17:14:41.0070 6484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:14:41.0082 6484 MSDTC - ok
17:14:41.0086 6484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:14:41.0109 6484 Msfs - ok
17:14:41.0111 6484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:14:41.0134 6484 mshidkmdf - ok
17:14:41.0136 6484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:14:41.0144 6484 msisadrv - ok
17:14:41.0148 6484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:14:41.0173 6484 MSiSCSI - ok
17:14:41.0175 6484 msiserver - ok
17:14:41.0177 6484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:14:41.0200 6484 MSKSSRV - ok
17:14:41.0202 6484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:41.0226 6484 MSPCLOCK - ok
17:14:41.0228 6484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:14:41.0250 6484 MSPQM - ok
17:14:41.0255 6484 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:14:41.0267 6484 MsRPC - ok
17:14:41.0270 6484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:14:41.0278 6484 mssmbios - ok
17:14:41.0281 6484 MSSQL$SIBBAUWERKE - ok
17:14:41.0284 6484 [ 1D1B22613EAB9287AF902398867BC93C ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
17:14:41.0289 6484 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
17:14:41.0289 6484 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
17:14:41.0292 6484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:14:41.0315 6484 MSTEE - ok
17:14:41.0317 6484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:14:41.0326 6484 MTConfig - ok
17:14:41.0329 6484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:14:41.0337 6484 Mup - ok
17:14:41.0343 6484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:14:41.0370 6484 napagent - ok
17:14:41.0374 6484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:14:41.0389 6484 NativeWifiP - ok
17:14:41.0399 6484 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:14:41.0416 6484 NDIS - ok
17:14:41.0419 6484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:41.0442 6484 NdisCap - ok
17:14:41.0444 6484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:41.0467 6484 NdisTapi - ok
17:14:41.0469 6484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:41.0492 6484 Ndisuio - ok
17:14:41.0495 6484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:41.0519 6484 NdisWan - ok
17:14:41.0521 6484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:14:41.0544 6484 NDProxy - ok
17:14:41.0547 6484 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:14:41.0553 6484 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:14:41.0553 6484 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:14:41.0555 6484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:14:41.0579 6484 NetBIOS - ok
17:14:41.0583 6484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:14:41.0606 6484 NetBT - ok
17:14:41.0609 6484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:14:41.0618 6484 Netlogon - ok
17:14:41.0623 6484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:14:41.0649 6484 Netman - ok
17:14:41.0652 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0662 6484 NetMsmqActivator - ok
17:14:41.0664 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0673 6484 NetPipeActivator - ok
17:14:41.0679 6484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:14:41.0706 6484 netprofm - ok
17:14:41.0708 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0717 6484 NetTcpActivator - ok
17:14:41.0719 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0727 6484 NetTcpPortSharing - ok
17:14:41.0730 6484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:14:41.0738 6484 nfrd960 - ok
17:14:41.0742 6484 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:14:41.0755 6484 NlaSvc - ok
17:14:41.0757 6484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:14:41.0780 6484 Npfs - ok
17:14:41.0783 6484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:14:41.0806 6484 nsi - ok
17:14:41.0808 6484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:14:41.0831 6484 nsiproxy - ok
17:14:41.0848 6484 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:14:41.0873 6484 Ntfs - ok
17:14:41.0875 6484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:14:41.0898 6484 Null - ok
17:14:41.0901 6484 [ A61B0AF4D6B934928CFD1140DEEA5C8D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:14:41.0910 6484 nusb3hub - ok
17:14:41.0914 6484 [ FA4B2F20561BDBCC6B9AC3E3BDCD7E3F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:14:41.0923 6484 nusb3xhc - ok
17:14:41.0926 6484 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:14:41.0935 6484 NVHDA - ok
17:14:42.0064 6484 [ 05B8A30A7DC10BB627916658A2B00D43 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:14:42.0203 6484 nvlddmkm - ok
17:14:42.0209 6484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:14:42.0218 6484 nvraid - ok
17:14:42.0222 6484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:14:42.0231 6484 nvstor - ok
17:14:42.0242 6484 [ FC5D949E5C0AE6A939ABCDFCD8D50361 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:14:42.0260 6484 nvsvc - ok
17:14:42.0281 6484 [ 0BDA359BCDDCDC4FAFB50DE3CE1B4484 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:14:42.0314 6484 nvUpdatusService - ok
17:14:42.0318 6484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:14:42.0326 6484 nv_agp - ok
17:14:42.0334 6484 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:42.0347 6484 odserv - ok
17:14:42.0350 6484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:14:42.0360 6484 ohci1394 - ok
17:14:42.0364 6484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:42.0374 6484 ose - ok
17:14:42.0380 6484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:14:42.0392 6484 p2pimsvc - ok
17:14:42.0398 6484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:14:42.0410 6484 p2psvc - ok
17:14:42.0413 6484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:14:42.0423 6484 Parport - ok
17:14:42.0426 6484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:14:42.0434 6484 partmgr - ok
17:14:42.0438 6484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:14:42.0451 6484 PcaSvc - ok
17:14:42.0455 6484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:14:42.0464 6484 pci - ok
17:14:42.0466 6484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:14:42.0474 6484 pciide - ok
17:14:42.0477 6484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:14:42.0487 6484 pcmcia - ok
17:14:42.0490 6484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:14:42.0498 6484 pcw - ok
17:14:42.0513 6484 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
17:14:42.0540 6484 PDF Architect Helper Service - ok
17:14:42.0550 6484 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
17:14:42.0569 6484 PDF Architect Service - ok
17:14:42.0576 6484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:14:42.0603 6484 PEAUTH - ok
17:14:42.0616 6484 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:14:42.0636 6484 PeerDistSvc - ok
17:14:42.0658 6484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:14:42.0668 6484 PerfHost - ok
17:14:42.0683 6484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:14:42.0716 6484 pla - ok
17:14:42.0721 6484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:14:42.0735 6484 PlugPlay - ok
17:14:42.0738 6484 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:14:42.0743 6484 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:14:42.0743 6484 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:14:42.0746 6484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:14:42.0756 6484 PNRPAutoReg - ok
17:14:42.0761 6484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:14:42.0772 6484 PNRPsvc - ok
17:14:42.0779 6484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:14:42.0807 6484 PolicyAgent - ok
17:14:42.0811 6484 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:14:42.0838 6484 Power - ok
17:14:42.0841 6484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:14:42.0864 6484 PptpMiniport - ok
17:14:42.0867 6484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:14:42.0877 6484 Processor - ok
17:14:42.0881 6484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:14:42.0894 6484 ProfSvc - ok
17:14:42.0896 6484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:14:42.0906 6484 ProtectedStorage - ok
17:14:42.0909 6484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:14:42.0932 6484 Psched - ok
17:14:42.0935 6484 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
17:14:42.0942 6484 PSI - ok
17:14:42.0957 6484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:14:42.0980 6484 ql2300 - ok
17:14:42.0983 6484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:14:42.0992 6484 ql40xx - ok
17:14:42.0996 6484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:14:43.0010 6484 QWAVE - ok
17:14:43.0013 6484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:14:43.0025 6484 QWAVEdrv - ok
17:14:43.0031 6484 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
17:14:43.0042 6484 RapiMgr - ok
17:14:43.0044 6484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:14:43.0068 6484 RasAcd - ok
17:14:43.0071 6484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:43.0094 6484 RasAgileVpn - ok
17:14:43.0097 6484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:14:43.0121 6484 RasAuto - ok
17:14:43.0125 6484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:43.0148 6484 Rasl2tp - ok
17:14:43.0153 6484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:14:43.0178 6484 RasMan - ok
17:14:43.0181 6484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:43.0206 6484 RasPppoe - ok
17:14:43.0208 6484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:14:43.0231 6484 RasSstp - ok
17:14:43.0236 6484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:14:43.0260 6484 rdbss - ok
17:14:43.0262 6484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:43.0273 6484 rdpbus - ok
17:14:43.0276 6484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:43.0298 6484 RDPCDD - ok
17:14:43.0303 6484 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:14:43.0314 6484 RDPDR - ok
17:14:43.0316 6484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:14:43.0339 6484 RDPENCDD - ok
17:14:43.0342 6484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:14:43.0365 6484 RDPREFMP - ok
17:14:43.0369 6484 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:14:43.0379 6484 RdpVideoMiniport - ok
17:14:43.0383 6484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:14:43.0395 6484 RDPWD - ok
17:14:43.0399 6484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:14:43.0409 6484 rdyboost - ok
17:14:43.0414 6484 [ 6B81926B784559ED1DA6238E160757EB ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
17:14:43.0426 6484 ReflectService.exe - ok
17:14:43.0429 6484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:14:43.0454 6484 RemoteAccess - ok
17:14:43.0458 6484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:14:43.0482 6484 RemoteRegistry - ok
17:14:43.0485 6484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:14:43.0509 6484 RpcEptMapper - ok
17:14:43.0511 6484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:14:43.0522 6484 RpcLocator - ok
17:14:43.0528 6484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:14:43.0554 6484 RpcSs - ok
17:14:43.0557 6484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:14:43.0581 6484 rspndr - ok
17:14:43.0589 6484 [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:14:43.0603 6484 RTL8167 - ok
17:14:43.0605 6484 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:14:43.0614 6484 s3cap - ok
17:14:43.0616 6484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:14:43.0626 6484 SamSs - ok
17:14:43.0629 6484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:14:43.0638 6484 sbp2port - ok
17:14:43.0641 6484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:14:43.0666 6484 SCardSvr - ok
17:14:43.0668 6484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:14:43.0690 6484 scfilter - ok
17:14:43.0701 6484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:14:43.0733 6484 Schedule - ok
17:14:43.0736 6484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:14:43.0758 6484 SCPolicySvc - ok
17:14:43.0762 6484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:14:43.0774 6484 SDRSVC - ok
17:14:43.0777 6484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:14:43.0799 6484 secdrv - ok
17:14:43.0802 6484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:14:43.0825 6484 seclogon - ok
17:14:43.0841 6484 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
17:14:43.0877 6484 Secunia PSI Agent - ok
17:14:43.0886 6484 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
17:14:43.0902 6484 Secunia Update Agent - ok
17:14:43.0905 6484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:14:43.0929 6484 SENS - ok
17:14:43.0931 6484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:14:43.0942 6484 SensrSvc - ok
17:14:43.0944 6484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:14:43.0954 6484 Serenum - ok
17:14:43.0957 6484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:14:43.0968 6484 Serial - ok
17:14:43.0970 6484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:14:43.0979 6484 sermouse - ok
17:14:43.0985 6484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:14:44.0009 6484 SessionEnv - ok
17:14:44.0011 6484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:14:44.0022 6484 sffdisk - ok
17:14:44.0024 6484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:14:44.0035 6484 sffp_mmc - ok
17:14:44.0038 6484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:14:44.0048 6484 sffp_sd - ok
17:14:44.0050 6484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:14:44.0060 6484 sfloppy - ok
17:14:44.0065 6484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:14:44.0093 6484 SharedAccess - ok
17:14:44.0100 6484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:14:44.0126 6484 ShellHWDetection - ok
17:14:44.0129 6484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:14:44.0137 6484 SiSRaid2 - ok
17:14:44.0139 6484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:14:44.0148 6484 SiSRaid4 - ok
17:14:44.0152 6484 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:14:44.0162 6484 SkypeUpdate - ok
17:14:44.0165 6484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:14:44.0189 6484 Smb - ok
17:14:44.0193 6484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:14:44.0204 6484 SNMPTRAP - ok
17:14:44.0206 6484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:14:44.0214 6484 spldr - ok
17:14:44.0220 6484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:14:44.0235 6484 Spooler - ok
17:14:44.0267 6484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:14:44.0317 6484 sppsvc - ok
17:14:44.0320 6484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:14:44.0344 6484 sppuinotify - ok
17:14:44.0351 6484 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\System32\Drivers\sptd.sys
17:14:44.0364 6484 sptd - ok
17:14:44.0365 6484 SQLAgent$SIBBAUWERKE - ok
17:14:44.0372 6484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:14:44.0386 6484 srv - ok
17:14:44.0392 6484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:14:44.0403 6484 srv2 - ok
17:14:44.0407 6484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:14:44.0416 6484 srvnet - ok
17:14:44.0420 6484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:14:44.0444 6484 SSDPSRV - ok
17:14:44.0447 6484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:14:44.0470 6484 SstpSvc - ok
17:14:44.0477 6484 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
17:14:44.0486 6484 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
17:14:44.0486 6484 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
17:14:44.0491 6484 [ F7ACD2224E8FE9F17AF91B2B1FCBF722 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:14:44.0504 6484 Stereo Service - ok
17:14:44.0507 6484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:14:44.0515 6484 stexstor - ok
17:14:44.0522 6484 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:14:44.0540 6484 stisvc - ok
17:14:44.0542 6484 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:14:44.0550 6484 storflt - ok
17:14:44.0553 6484 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
17:14:44.0563 6484 StorSvc - ok
17:14:44.0565 6484 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:14:44.0574 6484 storvsc - ok
17:14:44.0576 6484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:14:44.0583 6484 swenum - ok
17:14:44.0589 6484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:14:44.0616 6484 swprv - ok
17:14:44.0632 6484 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:14:44.0658 6484 SysMain - ok
17:14:44.0661 6484 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:14:44.0674 6484 TabletInputService - ok
17:14:44.0679 6484 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:14:44.0703 6484 TapiSrv - ok
17:14:44.0706 6484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:14:44.0729 6484 TBS - ok
17:14:44.0746 6484 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:14:44.0774 6484 Tcpip - ok
17:14:44.0791 6484 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:14:44.0818 6484 TCPIP6 - ok
17:14:44.0821 6484 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:14:44.0830 6484 tcpipreg - ok
17:14:44.0833 6484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:14:44.0843 6484 TDPIPE - ok
17:14:44.0845 6484 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:14:44.0854 6484 TDTCP - ok
17:14:44.0857 6484 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:14:44.0879 6484 tdx - ok
17:14:44.0881 6484 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:14:44.0890 6484 TermDD - ok
17:14:44.0898 6484 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:14:44.0925 6484 TermService - ok
17:14:44.0927 6484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:14:44.0940 6484 Themes - ok
17:14:44.0942 6484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:14:44.0965 6484 THREADORDER - ok
17:14:44.0968 6484 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:14:44.0993 6484 TrkWks - ok
17:14:44.0997 6484 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:14:45.0021 6484 TrustedInstaller - ok
17:14:45.0025 6484 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:45.0047 6484 tssecsrv - ok
17:14:45.0050 6484 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:14:45.0061 6484 TsUsbFlt - ok
17:14:45.0064 6484 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:14:45.0072 6484 TsUsbGD - ok
17:14:45.0075 6484 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:14:45.0098 6484 tunnel - ok
17:14:45.0101 6484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:14:45.0109 6484 uagp35 - ok
17:14:45.0114 6484 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:14:45.0139 6484 udfs - ok
17:14:45.0143 6484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:14:45.0154 6484 UI0Detect - ok
17:14:45.0157 6484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:14:45.0165 6484 uliagpkx - ok
17:14:45.0168 6484 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:14:45.0178 6484 umbus - ok
17:14:45.0180 6484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:14:45.0189 6484 UmPass - ok
17:14:45.0193 6484 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:14:45.0204 6484 UmRdpService - ok
17:14:45.0209 6484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:14:45.0236 6484 upnphost - ok
17:14:45.0239 6484 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:14:45.0249 6484 USBAAPL64 - ok
17:14:45.0253 6484 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:45.0263 6484 usbccgp - ok
17:14:45.0266 6484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:14:45.0278 6484 usbcir - ok
17:14:45.0280 6484 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:14:45.0290 6484 usbehci - ok
17:14:45.0295 6484 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:14:45.0306 6484 usbhub - ok
17:14:45.0309 6484 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:14:45.0318 6484 usbohci - ok
17:14:45.0320 6484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:14:45.0331 6484 usbprint - ok
17:14:45.0334 6484 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:45.0348 6484 USBSTOR - ok
17:14:45.0350 6484 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:14:45.0360 6484 usbuhci - ok
17:14:45.0363 6484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:14:45.0387 6484 UxSms - ok
17:14:45.0389 6484 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:14:45.0398 6484 VaultSvc - ok
17:14:45.0401 6484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:14:45.0409 6484 vdrvroot - ok
17:14:45.0415 6484 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:14:45.0442 6484 vds - ok
17:14:45.0444 6484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:45.0455 6484 vga - ok
17:14:45.0457 6484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:14:45.0480 6484 VgaSave - ok
17:14:45.0484 6484 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:14:45.0494 6484 vhdmp - ok
17:14:45.0496 6484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:14:45.0504 6484 viaide - ok
17:14:45.0508 6484 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:14:45.0517 6484 vmbus - ok
17:14:45.0520 6484 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:14:45.0529 6484 VMBusHID - ok
17:14:45.0532 6484 [ 93F279A2C172562050700A18FA84BE2E ] vncmirror C:\Windows\system32\DRIVERS\vncmirror.sys
17:14:45.0541 6484 vncmirror - ok
17:14:45.0544 6484 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:14:45.0553 6484 volmgr - ok
17:14:45.0557 6484 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:14:45.0569 6484 volmgrx - ok
17:14:45.0574 6484 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:14:45.0585 6484 volsnap - ok
17:14:45.0589 6484 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
17:14:45.0598 6484 vpcbus - ok
17:14:45.0601 6484 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:14:45.0611 6484 vpcnfltr - ok
17:14:45.0614 6484 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
17:14:45.0623 6484 vpcusb - ok
17:14:45.0628 6484 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
17:14:45.0639 6484 vpcvmm - ok
17:14:45.0642 6484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:14:45.0652 6484 vsmraid - ok
17:14:45.0667 6484 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:14:45.0702 6484 VSS - ok
17:14:45.0705 6484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:14:45.0715 6484 vwifibus - ok
17:14:45.0721 6484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:14:45.0746 6484 W32Time - ok
17:14:45.0749 6484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:14:45.0758 6484 WacomPen - ok
17:14:45.0761 6484 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:14:45.0784 6484 WANARP - ok
17:14:45.0786 6484 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:14:45.0808 6484 Wanarpv6 - ok
17:14:45.0823 6484 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:14:45.0845 6484 wbengine - ok
17:14:45.0848 6484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:14:45.0863 6484 WbioSrvc - ok
17:14:45.0869 6484 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
17:14:45.0882 6484 WcesComm - ok
17:14:45.0887 6484 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:14:45.0903 6484 wcncsvc - ok
17:14:45.0906 6484 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:14:45.0918 6484 WcsPlugInService - ok
17:14:45.0921 6484 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:14:45.0928 6484 Wd - ok
17:14:45.0937 6484 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:14:45.0954 6484 Wdf01000 - ok
17:14:45.0957 6484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:14:45.0983 6484 WdiServiceHost - ok
17:14:45.0985 6484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:14:45.0998 6484 WdiSystemHost - ok
17:14:46.0002 6484 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:14:46.0017 6484 WebClient - ok
17:14:46.0021 6484 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:14:46.0047 6484 Wecsvc - ok
17:14:46.0050 6484 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:14:46.0074 6484 wercplsupport - ok
17:14:46.0077 6484 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:14:46.0100 6484 WerSvc - ok
17:14:46.0102 6484 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:46.0125 6484 WfpLwf - ok
17:14:46.0127 6484 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:14:46.0135 6484 WIMMount - ok
17:14:46.0137 6484 WinDefend - ok
17:14:46.0140 6484 WinHttpAutoProxySvc - ok
17:14:46.0149 6484 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:14:46.0173 6484 Winmgmt - ok
17:14:46.0192 6484 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:14:46.0230 6484 WinRM - ok
17:14:46.0235 6484 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:14:46.0246 6484 WinUsb - ok
17:14:46.0256 6484 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:14:46.0275 6484 Wlansvc - ok
17:14:46.0278 6484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:14:46.0287 6484 WmiAcpi - ok
17:14:46.0292 6484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:14:46.0303 6484 wmiApSrv - ok
17:14:46.0305 6484 WMPNetworkSvc - ok
17:14:46.0308 6484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:14:46.0318 6484 WPCSvc - ok
17:14:46.0321 6484 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:14:46.0337 6484 WPDBusEnum - ok
17:14:46.0339 6484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:14:46.0362 6484 ws2ifsl - ok
17:14:46.0365 6484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:14:46.0379 6484 wscsvc - ok
17:14:46.0381 6484 WSearch - ok
17:14:46.0405 6484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:14:46.0437 6484 wuauserv - ok
17:14:46.0440 6484 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:14:46.0451 6484 WudfPf - ok
17:14:46.0455 6484 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:46.0465 6484 WUDFRd - ok
17:14:46.0468 6484 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:14:46.0478 6484 wudfsvc - ok
17:14:46.0483 6484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:14:46.0497 6484 WwanSvc - ok
17:14:46.0500 6484 ================ Scan global ===============================
17:14:46.0502 6484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:14:46.0505 6484 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:14:46.0510 6484 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:14:46.0513 6484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:14:46.0518 6484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:14:46.0520 6484 [Global] - ok
17:14:46.0520 6484 ================ Scan MBR ==================================
17:14:46.0522 6484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:14:46.0611 6484 \Device\Harddisk1\DR1 - ok
17:14:46.0626 6484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:14:46.0819 6484 \Device\Harddisk0\DR0 - ok
17:14:46.0819 6484 ================ Scan VBR ==================================
17:14:46.0823 6484 [ ABF27788D8224B0837C324C650D276BC ] \Device\Harddisk1\DR1\Partition1
17:14:46.0824 6484 \Device\Harddisk1\DR1\Partition1 - ok
17:14:46.0827 6484 [ 8523979BF99FC5EE298312563D4CE922 ] \Device\Harddisk1\DR1\Partition2
17:14:46.0829 6484 \Device\Harddisk1\DR1\Partition2 - ok
17:14:46.0832 6484 [ 92C633C00A33369ADEA91DC808EABF07 ] \Device\Harddisk0\DR0\Partition1
17:14:46.0834 6484 \Device\Harddisk0\DR0\Partition1 - ok
17:14:46.0836 6484 [ 6D8FC7DBB9710CB30522190526BB1FFE ] \Device\Harddisk0\DR0\Partition2
17:14:46.0838 6484 \Device\Harddisk0\DR0\Partition2 - ok
17:14:46.0838 6484 ============================================================
17:14:46.0838 6484 Scan finished
17:14:46.0838 6484 ============================================================
17:14:46.0846 6560 Detected object count: 5
17:14:46.0846 6560 Actual detected object count: 5
17:16:40.0361 6560 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0362 6560 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:40.0363 6560 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0363 6560 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:40.0364 6560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0364 6560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:40.0365 6560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0365 6560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:40.0366 6560 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0366 6560 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:17.0163 2772 Deinitialize success
|
|
18.03.2013, 22:41
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | betroffen von adserverplus.com und hält sich hartäckig Recht unauffällig JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 09:15
| #15 |
| | betroffen von adserverplus.com und hält sich hartäckig Ich habe zweimal vergeblich versucht den Virenwächter von GDdata zu beenden. Auch die Datei AVKTray.exe lies sich im Taskmanager nicht beenden. Ich habe daraufhin einfach das Antivirenprogramm deinstaliert. Der Rechner wurde aber nicht runtergefahren. Dann lief JRT ordenlich durch. Hier der Log Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x64
Ran by Wolff on 19.03.2013 at 8:02:44,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 8:07:41,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rechner neu gestartet. Code:
ATTFilter # AdwCleaner v2.115 - Datei am 19/03/2013 um 08:10:12 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Wolff - CAD
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wolff\Desktop\System\reinigung\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [957 octets] - [18/03/2013 08:59:44]
AdwCleaner[S1].txt - [901 octets] - [19/03/2013 08:10:12]
########## EOF - C:\AdwCleaner[S1].txt - [960 octets] ##########
Code:
ATTFilter OTL logfile created on: 19.03.2013 08:15:41 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolff\Desktop\System\entferner 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,34% Memory free 15,97 Gb Paging File | 13,80 Gb Available in Paging File | 86,46% Paging File free Paging file location(s): f:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 39,85 Gb Free Space | 35,68% Space Free | Partition Type: NTFS Drive F: | 107,42 Gb Total Space | 45,76 Gb Free Space | 42,59% Space Free | Partition Type: NTFS Drive G: | 358,33 Gb Total Space | 118,32 Gb Free Space | 33,02% Space Free | Partition Type: NTFS Computer Name: CAD | User Name: Wolff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Wolff\Desktop\System\entferner\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft) PRC - C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH) PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfcore160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfeditor160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\expertpdfcore160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsvector160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsprinters160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprinter160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\BBlite160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\PKIECtrl160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\TMSlite160.bpl () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspropsaver160.bpl () MOD - C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPI.dll () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vstrees160.bpl () MOD - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll () MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\js32.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (ReflectService.exe) -- C:\Programme\Macrium\Reflect\ReflectService.exe () SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (MSSQL$SIBBAUWERKE) -- C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SIBBAUWERKE) -- C:\MSSQL$SIBBAUWERKE\Binn\sqlagent.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.) DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (SafeNet Inc.) DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (SafeNet Inc.) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (akshhl) -- C:\Windows\SysNative\drivers\akshhl.sys (SafeNet Inc.) DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.idea.de/startseite.html IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 E7 B8 2F AC 0D CE 01 [binary data] IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\hp.com/hpePrintShare: C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL (hp) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.04 12:48:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.08 15:05:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.16 08:12:56 | 000,000,000 | ---D | M] [2013.02.08 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Wolff\AppData\Roaming\Mozilla\plugins\npatgpc.dll CHR - plugin: hp ePrint&Share (Enabled) = C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Logitech SetPoint = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\ CHR - Extension: Google Mail = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Auto Lyrics = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Heleni Uploader] C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MBoxUtil Clean] C:\Program Files (x86)\KONICA MINOLTA\BOX Utility\BoxUtil.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SfWinStartInfo] C:\Program Files (x86)\SFirm32\sfWinStartupInfo.exe (BIVG Hannover) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001..\Run: [neoSearch] C:\Users\Wolff\AppData\Roaming\KoshyJohn.com\neoSearch\neoSearch.exe (KoshyJohn.com) O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E97791-E79B-461C-8829-74443A2FEB33}: NameServer = 192.168.137.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.15 12:22:57 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\starter.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 08:00:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.18 13:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.03.17 09:59:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.17 09:59:08 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.17 07:06:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.16 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\Malwarebytes [2013.03.16 10:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 10:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.16 10:07:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.16 10:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.16 08:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics [2013.03.13 21:08:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 21:08:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 21:08:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 21:08:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 21:08:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 21:08:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 21:08:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 21:08:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 21:08:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 21:08:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 21:08:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 21:08:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 21:08:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 21:08:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 21:08:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.12 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Readiris [2013.03.12 22:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. [2013.03.12 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Readiris Pro 12 [2013.03.12 22:12:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.03.08 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Logishrd [2013.03.08 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.03.08 15:00:51 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll [2013.03.08 15:00:14 | 022,309,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.03.08 15:00:14 | 018,584,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.03.08 15:00:14 | 016,470,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.03.08 15:00:14 | 013,013,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.03.08 15:00:14 | 012,010,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.03.08 15:00:14 | 007,132,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.03.08 15:00:14 | 006,561,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.03.08 15:00:14 | 005,306,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.03.08 15:00:14 | 002,946,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.03.08 15:00:14 | 002,806,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.03.08 15:00:14 | 002,344,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.03.08 15:00:14 | 002,215,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.03.08 15:00:14 | 002,084,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.03.08 15:00:14 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.03.08 15:00:14 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.03.07 12:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir [2013.03.07 07:58:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 07:58:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 07:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.06 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\HEITKER [2013.03.04 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Wondershare PDF to Word [2013.03.02 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\UltraVNC [2013.03.02 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC [2013.03.02 10:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\uvnc bvba [2013.03.01 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.27 18:00:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 18:00:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 18:00:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 18:00:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 17:59:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 17:59:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 17:59:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 17:59:58 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 17:59:58 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 17:59:58 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 17:59:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 17:59:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 17:59:58 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 17:59:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 17:59:58 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 17:59:57 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 17:59:57 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 17:59:57 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 17:59:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 17:59:57 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 17:59:57 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 17:59:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 17:59:57 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.23 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.thumbnails [2013.02.23 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\fontconfig [2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\gegl-0.2 [2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.gimp-2.8 [2013.02.23 16:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.02.23 10:16:09 | 000,026,112 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\vncmirror.dll [2013.02.23 10:16:09 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys [2013.02.22 12:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.02.22 12:37:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.02.22 12:37:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.02.22 12:37:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.02.22 12:37:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.02.22 12:37:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.02.22 12:37:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.02.22 12:37:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.02.22 12:37:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.02.22 12:37:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.02.22 12:37:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.02.22 12:37:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.02.22 12:37:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.02.22 12:37:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.02.22 12:37:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.02.22 12:37:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.02.22 12:37:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.02.22 12:37:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.02.22 12:37:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.02.22 12:37:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.02.22 12:37:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.02.22 12:37:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.02.22 12:37:44 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.02.22 12:37:36 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.02.22 12:33:18 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\XnView [2013.02.22 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Secunia PSI [2013.02.22 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.02.21 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.02.20 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.20 12:11:52 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.20 12:11:52 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 08:15:38 | 001,704,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.19 08:15:38 | 000,732,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.19 08:15:38 | 000,679,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.19 08:15:38 | 000,164,332 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.19 08:15:38 | 000,133,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.19 08:14:32 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job [2013.03.19 08:11:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.19 08:11:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 08:11:14 | 2121,637,887 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 08:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 07:42:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.19 07:29:06 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 07:29:06 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 06:58:53 | 001,011,756 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.03.18 06:58:53 | 000,053,051 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.03.16 10:07:40 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 09:19:58 | 000,000,216 | ---- | M] () -- C:\Users\Wolff\defogger_reenable [2013.03.14 17:43:32 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.13 18:10:57 | 000,125,420 | ---- | M] () -- C:\Users\Wolff\Documents\Readiris.DUS [2013.03.13 09:58:45 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV24.dll [2013.03.12 22:13:22 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk [2013.03.12 22:13:22 | 000,000,150 | ---- | M] () -- C:\Windows\Readiris.ini [2013.03.12 21:29:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 21:29:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 08:29:35 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV14.dll [2013.03.11 19:07:02 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk [2013.03.08 15:05:46 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.03.07 12:14:29 | 000,003,652 | ---- | M] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk [2013.03.07 07:58:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.07 07:58:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.07 07:58:33 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 07:58:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.06 16:50:04 | 000,275,160 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppr4-x64.dll [2013.03.06 16:49:58 | 000,250,072 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppmon4.dll [2013.03.02 07:59:03 | 000,000,241 | ---- | M] () -- C:\Users\Wolff\Documents\ax_files.xml [2013.02.23 16:20:53 | 000,001,518 | ---- | M] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel [2013.02.22 12:33:14 | 000,001,799 | ---- | M] () -- C:\Users\Wolff\Desktop\XnView.lnk [2013.02.22 12:32:22 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk [2013.02.22 12:31:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.22 12:29:36 | 000,001,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.02.22 10:52:13 | 000,001,168 | ---- | M] () -- C:\Users\Wolff\Desktop\PC-Adreßzz! 7.x.LNK [2013.02.22 10:50:09 | 000,001,197 | ---- | M] () -- C:\Users\Wolff\Desktop\Safer Mail 6.x.LNK [2013.02.21 19:16:13 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.02.20 20:07:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.19 09:06:25 | 000,000,243 | ---- | M] () -- C:\Users\Wolff\Documents\acad.err [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.16 10:07:40 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 09:19:58 | 000,000,216 | ---- | C] () -- C:\Users\Wolff\defogger_reenable [2013.03.16 08:12:58 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Auto Lyrics Update.job [2013.03.13 18:03:10 | 000,125,420 | ---- | C] () -- C:\Users\Wolff\Documents\Readiris.DUS [2013.03.12 22:13:22 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk [2013.03.12 22:13:22 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini [2013.03.11 19:07:07 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV24.dll [2013.03.11 19:07:02 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk [2013.03.07 12:14:29 | 000,003,652 | ---- | C] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk [2013.02.23 16:20:53 | 000,001,518 | ---- | C] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel [2013.02.23 16:04:13 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.02.22 12:33:14 | 000,001,799 | ---- | C] () -- C:\Users\Wolff\Desktop\XnView.lnk [2013.02.22 12:29:36 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.02.22 12:29:36 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.02.21 19:28:02 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.02.21 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.02.20 12:11:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.19 09:06:25 | 000,000,243 | ---- | C] () -- C:\Users\Wolff\Documents\acad.err [2013.02.02 19:05:31 | 000,004,608 | ---- | C] () -- C:\Users\Wolff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.13 16:43:42 | 000,700,365 | ---- | C] () -- C:\Windows\unins000.exe [2012.10.13 16:43:42 | 000,032,607 | ---- | C] () -- C:\Windows\unins000.dat [2012.10.03 09:55:25 | 000,007,143 | ---- | C] () -- C:\Windows\Rohre.ini [2012.10.03 09:07:58 | 001,511,936 | ---- | C] () -- C:\Windows\SysWow64\Vdk200.dll [2012.10.03 09:07:58 | 001,121,280 | ---- | C] () -- C:\Windows\SysWow64\flt_pdf.dll [2012.10.03 09:07:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\vgw_url.dll [2012.10.03 09:07:58 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\flt_rec.dll [2012.10.03 09:07:58 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\flt_kv.dll [2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_tofl.dll [2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_meta.dll [2012.10.03 09:07:58 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\flt_tobf.dll [2012.10.03 09:07:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\utf7.dll [2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\utf8.dll [2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\unicode.dll [2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\europa3.dll [2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XTree.ini [2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XSearch.ini [2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XIndex.ini [2012.10.01 12:27:42 | 000,000,221 | ---- | C] () -- C:\Windows\espia.ini [2012.10.01 12:22:24 | 000,000,353 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.10.01 12:20:25 | 000,000,227 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.01 10:51:30 | 000,000,093 | ---- | C] () -- C:\Users\Wolff\AppData\Local\fusioncache.dat [2012.09.29 14:18:02 | 001,011,756 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.28 20:00:06 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV14.dll [2012.09.28 19:31:53 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\moyocore.dll [2012.09.28 19:31:24 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll [2012.09.28 19:31:24 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll [2012.09.28 19:31:24 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll [2012.09.28 19:13:45 | 000,000,397 | ---- | C] () -- C:\Windows\BoxUtil.INI [2012.09.28 19:13:45 | 000,000,171 | ---- | C] () -- C:\Windows\MBoxWin.ini [2012.09.28 18:48:19 | 001,684,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.25 12:00:33 | 000,039,049 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.09.25 11:57:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.09.25 11:57:41 | 000,028,702 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.12.10 21:12:58 | 000,307,008 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.06.08 08:44:04 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.03.2013 08:15:41 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolff\Desktop\System\entferner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,34% Memory free
15,97 Gb Paging File | 13,80 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): f:\pagefile.sys 8192 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 39,85 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive F: | 107,42 Gb Total Space | 45,76 Gb Free Space | 42,59% Space Free | Partition Type: NTFS
Drive G: | 358,33 Gb Total Space | 118,32 Gb Free Space | 33,02% Space Free | Partition Type: NTFS
Computer Name: CAD | User Name: Wolff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15F661A6-214A-40B3-A982-E8478411A85D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{270714B0-FB74-49BB-B34D-7E29CB8225E2}" = lport=138 | protocol=17 | dir=in | app=system |
"{2FDCD7FF-7AB0-4921-B174-B66B7D675411}" = lport=137 | protocol=17 | dir=in | app=system |
"{323354F5-909A-4117-8175-56F947ABCAEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3876B242-A740-4D19-91F7-89B66FB377BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41D3D313-8C8D-4E9C-AFE3-9B5BC244FE1C}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{58905349-EB4D-45E3-8845-736834716D2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6162214F-B5F4-4371-965E-BB04F97B2267}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6B243003-1860-4D62-AB43-A51ACF9B8CBB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7441FF7A-A6DE-401B-8C60-5E1CF5C0D10D}" = rport=138 | protocol=17 | dir=out | app=system |
"{87C4D4CA-9FC3-49B9-A561-E86EA666DC9E}" = rport=139 | protocol=6 | dir=out | app=system |
"{8AE6C0F5-2600-451E-9BAC-7AC2ABE269F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{903650D9-44C8-4C41-8A38-3D31CA4C3BAC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9769E2BE-8A81-464D-B6F9-13F9906C374B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BA63D2C-7B61-4DE0-AC68-DE7260A7DD95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAEE13CC-1632-4C03-B373-75A6EDF8951F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD4A1ED2-8956-4F2A-A75F-D90D4C48C9DD}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFD9FF79-C2FB-4D7B-AA46-E124D3A32D91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB424448-41BC-4CAC-9BF3-2FD014160C52}" = lport=445 | protocol=6 | dir=in | app=system |
"{C25D0FF5-D489-45D2-B663-3841690F71E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CECDC566-BF3F-4041-B7B3-EB89CE93278A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4FFE512-36DD-47AE-899E-DB5E107F9782}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{EE3A6035-4906-4009-8484-CB95357B41EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F417E294-ABB5-4E32-A1BA-6E5EA7D6BEFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8E0FF58-3A2D-48A2-A49A-D434C35C72EE}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B56FA73-D6E0-4BBE-8CAD-1A961E93E1B0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{152B1D08-569B-4FA9-A0E6-E57F7739A080}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19BF6D43-76C8-42A9-A212-7D37A0113159}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1FB5E3E8-25B4-4E4E-ABB9-67FDBC161623}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C0D66DE-985A-4E70-A30D-0648F15EE07F}" = protocol=6 | dir=in | app=c:\program files\uvnc bvba\ultravnc\winvnc.exe |
"{445D9B44-874D-4551-B479-56133529C143}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B8D5B33-64D0-4C5C-8C09-FF8D532DDAB5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4E55DCE2-D15B-482E-9FDC-FCE904CC2803}" = protocol=17 | dir=in | app=c:\program files\uvnc bvba\ultravnc\vncviewer.exe |
"{5795754A-B4F5-4B9F-9E56-653AE0D4899A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{61BF740E-1F89-4610-B4AD-841A84B37EEB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6BD568BA-AA90-4826-9E3C-A919D3E8B14F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{80C519B5-3F66-41E2-BFBF-0A3C0999C5B6}" = protocol=6 | dir=in | app=c:\program files\uvnc bvba\ultravnc\vncviewer.exe |
"{8F8A9365-A253-43E3-BBFF-A98785724DE0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA729D65-1EF8-4858-B650-248BAFA4C4D1}" = protocol=17 | dir=in | app=c:\program files\uvnc bvba\ultravnc\winvnc.exe |
"{B1C2B0EE-F5A9-43A1-A6DF-D90A337ED0D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2ACF863-BAF6-4D66-93EE-57E777F18F6B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BD21C4D3-200B-46BA-B156-BF87DC56CC7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDE54050-318F-4AB4-8C96-4F7D82BCCE0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C02F445B-3C16-4EFE-8F50-83649EB45212}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CABE40A7-D33E-4545-B347-D23EBA781F91}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe |
"{CC4D62E9-6D75-4F78-B312-2B0582E9A365}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D91FFBA3-CE2F-4B69-BE98-6E408C8B3754}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD16C6B1-2138-487C-A5BB-F965DAAC0FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E698A7B9-681C-4205-8E69-E0362D2464F2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EBBBF100-97D6-45E1-A9ED-9D1A5AADF19E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EBF28DCD-821D-4FCA-AA2B-5360AB6EA347}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FAF0FB4A-67BF-4610-B79E-F1F6A59DFE85}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCA996D8-99FC-4BA5-B0EB-94CF40AFEED4}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe |
"TCP Query User{39492561-76AE-49F6-BA8F-FD29F8718C54}C:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe |
"TCP Query User{3ACA99E7-179D-46A5-BA2E-8F06F10DC340}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe |
"TCP Query User{3F192E4A-05A9-4E5B-A61E-0271046DFA0D}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe |
"UDP Query User{0B6BE29D-D6D3-4197-AB33-9C179FC55CBA}C:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe |
"UDP Query User{286661B2-55B7-48AD-B553-708F16FFA7DA}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe |
"UDP Query User{BD84C7F4-6A4C-4626-9335-2B43CA328F83}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{15BC6A33-01B9-4911-8487-611A53A3C04C}" = CGSCivil3DTools 2013 DEU
"{18C072CD-329D-4681-A714-13EE5DBEF711}" = Macrium Reflect Standard Edition
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{45634476-E95A-420E-8BB4-9285D7FD9FB8}" = HP ePrint and Share
"{477D0032-A4FC-4F9E-8C74-CBA40B712E88}" = Autodesk® Storm and Sanitary Analysis 2012 x64 Plug-in
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-A000-0407-0102-0060B0CE6BBA}" = AutoCAD Civil 3D 2012
"{5783F2D7-A000-0407-1102-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{6084673C-0F68-4007-B791-0603663F1E55}" = AutoCAD Civil 3D 2012 Extension
"{615C9088-E58C-448A-B5F3-AB5F51F29082}" = 64 Bit HP CIO Components Installer
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92427257-DF69-4842-8006-3D72438925FB}" = Autodesk Subassembly Composer on AutoCAD Civil 3D 2012 - German (Standard)
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.0.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E598BA7B-3665-42D5-901D-429F99C23668}" = CGS plus License Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Auerswald Fax Drucker" = Auerswald Fax
"AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012
"AutoCAD Civil 3D 2012 SP2" = AutoCAD Civil 3D 2012 SP2
"FinePrint" = FinePrint
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PDF Report Writer_is1" = PDF Report Writer (novaPDF 6.4 printer)
"pdfFactory Pro" = pdfFactory Pro
"sp6" = Logitech SetPoint 6.52
"Ultravnc2_is1" = UltraVnc
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07291D1E-253B-4250-9263-4944898FD423}" = CadTools
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0B5A3E68-DC81-4A4A-BB37-39EF8E782312}" = Herrnhuter Losungen
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2C8E33AD-BF1D-4F35-AE5E-DD0978D6325A}" = ASBwin 9.0
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{336E61EA-E5DF-40E3-BB16-0F1A814AF368}" = STLB-Bau XML V2 - Client
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{366E1711-9FDC-4FCE-87AC-B87AC956BD8B}" = PC-Formular VERGABE 4.2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1" = Ashampoo WinOptimizer 2013 v.1.0.0
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{541217C0-5D69-45F3-9AC7-5321C0E16336}" = BOX Utility
"{55436A44-8385-4542-B38D-164713E1472A}" = SFirm32
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}" = HEC-RAS 4.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C67B335-C9F1-4202-8DB0-66F70C7796A6}" = AutoCAD Civil 3D 2012 32-Bit Objektaktivierer auf Autodesk Content Service - Language Neutral
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 3.6.0)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9502236B-D280-4105-9F9C-5C8140E35FF6}_is1" = GCR NAS Basistool Version 2.0
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Essential XML Editor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0189FA-E34F-40ED-B163-0EFA73DEFF70}" = WSP-ASS 4.0
"{A2B09CFD-F0B2-30AF-8DF4-1DF6B63FC7B5}" = Auerswald COMfortel Set 2.8.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B6214EA9-7BE8-4A91-B8B3-45F42F90188F}" = Readiris Pro 12
"{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung
"{D7926497-E476-489B-B4E9-DBFCA45483A2}" = Autodesk® Storm and Sanitary Analysis 2012
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SIBBauwerke)
"{E942B812-0768-48EE-903D-87B7EE463117}" = HTML.Browser.Framework 3.5.3 (x86)
"{EDC7967D-3D16-456F-BD6D-A3241A92879C}" = PC-Formular VERGABE 4.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Ultimate
"{FE37D048-272A-4005-BBA3-32ECB15C9A9B}" = AutoCAD Civil 3D 2012 32-Bit Objektaktivierer auf Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.13
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"autolyrics@man-soft.net" = Auto Lyrics
"DeInst_d2vexcrdTop50 Viewer (Build 1.1.5.596)" = Top50 Viewer
"ESET Online Scanner" = ESET Online Scanner v3
"Essential XML Editor" = Essential XML Editor
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"FreeCommander_is1" = FreeCommander 2009.02b
"Google Chrome" = Google Chrome
"InstallShield_{15BC6A33-01B9-4911-8487-611A53A3C04C}" = CGSCivil3DTools 2013 DEU
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"InstallShield_{541217C0-5D69-45F3-9AC7-5321C0E16336}" = BOX Utility
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ODBC" = ODBC
"OnlineBible" = Online Bibel 12.24
"PCA25-u" = PC-Adreßzz! 7.x deinstalieren
"PROHYBRIDR" = 2007 Microsoft Office system
"SaferMail-u" = Safer Mail deinstalieren
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"SIB-BAUWERKE V 1.82" = SIB-BAUWERKE V 1.82
"SoftwareUpdater" = SoftwareUpdater
"Straßenbau A-Z" = Straßenbau A-Z deinstallieren
"sv.net" = sv.net
"VCmaster 2013_is1" = VCmaster 2013
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"XnView_is1" = XnView 1.99.6
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"OnlineBible" = Online Bibel 12.24
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.03.2013 03:13:11 | Computer Name = CAD | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 29.12.2012 00:42:03 | Computer Name = CAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.02.2013 05:30:52 | Computer Name = CAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 170
seconds with 0 seconds of active time. This session ended with a crash.
< End of report >
Rechner neu gestartet. Nach Update des Virenscaner sind die WerbeFlashbilder immer noch da. |
|
| Themen zu betroffen von adserverplus.com und hält sich hartäckig |
| aktion, angeboten, antivirus, ausführung, brauche, ccleaner, center, dateien, download, eingefangen, gdata, gelöscht, installiert, log-datei, malwarebytes, programm, quarantäne, rechner, recycler, schutz, trojaner, update, virenschutz, virus, wireless |
Linear-Darstellung
