Pests of all kinds and how to fight them: Firefox opens a new tab on its own with the following address: http://e.ligatus.com/LigatusFallback.gif?ids=34088 (Windows 7)
27.03.2013, 21:43 | #1 |
Hello, today my Firefox opened a new tab on its own with the following address: hxxp://e.ligatus.com/LigatusFallback.gif?ids=34088. The page was empty and I closed it again immediately. Can someone tell me why Firefox did that and whether I might have a virus on the PC? It is Windows 7 64-bit.

Afterwards I ran a full scan with Malwarebytes, but it found nothing. After that I also ran an OTL scan; unfortunately I did not run OTL from the desktop but from the Downloads folder. Here is the log file:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

27.03.2013 20:19:45
mbam-log-2013-03-27 (20-19-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404980
Laufzeit: 1 Stunde(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Otl.txt:
OTL Logfile:
OTL logfile created on: 27.03.2013 21:22:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 4,79 Gb Available Physical Memory | 60,04% Memory free
15,94 Gb Paging File | 12,57 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 40,49 Gb Free Space | 40,49% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 339,46 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive E: | 2,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 177,29 Gb Total Space | 176,51 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 195,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe ()
MOD - C:\Program Files (x86)\Vtune\TBManage.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SearchAnonymizer) -- C:\Users\Marcel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D F6 F0 7B 7C 29 CE 01 [binary data]
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{15DDC04D-6FFD-4BA3-A653-94E19713A8DD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{5B272025-5BED-44BF-A575-12D5C89AF4B2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{6820A245-544D-4A3A-BE48-18C53D7C4B21}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{C4039295-C47C-4CC0-B8C7-2D2F07429751}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{CECB20D3-620B-4F93-98C7-8EA462C76547}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{F196558C-D112-4C55-A97D-AFBC0F31815F}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.01.13 18:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2012.10.26 12:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\1kpvpsne.default\extensions
[2012.10.07 13:39:54 | 000,002,101 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\searchplugins\googlede.xml
[2012.05.05 23:26:12 | 000,001,088 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\searchplugins\{586F9D64-FAB6-4373-8E7D-1A00773DA688}.xml
[2013.03.12 00:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.12 00:51:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.12 00:52:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 20:10:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.11 20:10:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.11 20:10:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.11 20:10:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.11 20:10:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.11 20:10:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Marcel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [ICQ] D:\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [SkyDrive] C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\RunOnce: [Uninstall C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\RunOnce: [Uninstall C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\RunOnce: [Uninstall C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_1" File not found
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7110CB85-BFA3-4C56-ACB6-0F2D9FC8ACC3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9915087E-A623-4958-88BB-AED5AF7FC7C4}: DhcpNameServer = 131.246.9.116 131.246.1.116
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2a6a56e5-3e0b-11e1-9dd3-83e236c3ac73}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6a56e5-3e0b-11e1-9dd3-83e236c3ac73}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{3f93b570-3e0c-11e1-b062-f57b2ab9d019}\Shell - "" = AutoRun
O33 - MountPoints2\{3f93b570-3e0c-11e1-b062-f57b2ab9d019}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.27 19:12:56 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2013.03.27 19:11:23 | 000,000,000 | R--D | C] -- C:\Users\Marcel\SkyDrive
[2013.03.27 00:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2013.03.27 00:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone
[2013.03.27 00:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2013.03.26 21:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.03.26 03:10:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.24 18:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.24 18:42:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.24 18:42:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.24 18:42:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.24 18:42:19 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.24 18:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.17 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battle Realms
[2013.03.16 14:13:24 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\SimCity 4
[2013.03.16 14:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2013.03.16 14:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2013.03.16 01:27:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.16 01:27:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.16 01:27:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.16 01:27:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.16 01:27:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.16 01:27:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.16 01:27:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.16 01:27:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.16 01:27:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.16 01:27:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.16 01:27:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.16 01:27:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.16 01:27:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.16 01:27:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.16 01:27:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.16 01:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.15 21:11:02 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\Programs
[2013.03.15 21:10:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.15 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.12 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.03.27 21:23:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.27 18:57:36 | 000,002,026 | ---- | M] () -- C:\Users\Marcel\Desktop\Windows Phone.lnk
[2013.03.27 18:39:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 18:39:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 18:31:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.27 18:31:08 | 2123,972,607 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 01:40:22 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.27 01:40:22 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.27 01:40:22 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.27 01:40:22 |
000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.27 01:40:22 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.27 01:40:15 | 001,590,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.26 23:43:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.26 13:05:21 | 313,835,000 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.24 18:42:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.24 18:42:15 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.24 18:42:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.24 18:42:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.24 18:42:15 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.18 16:04:38 | 000,003,059 | ---- | M] () -- C:\Users\Marcel\Desktop\Battle Realms.lnk [2013.03.16 14:13:14 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\SimCity 4.lnk [2013.03.15 22:23:14 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.15 22:23:14 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.15 21:11:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 21:01:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll ========== Files Created - No Company Name ========== [2013.03.27 19:11:23 | 000,002,184 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2013.03.27 18:57:36 | 000,002,026 | ---- | C] () -- C:\Users\Marcel\Desktop\Windows Phone.lnk [2013.03.27 00:38:37 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
[2013.03.26 23:43:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.18 16:04:38 | 000,003,059 | ---- | C] () -- C:\Users\Marcel\Desktop\Battle Realms.lnk [2013.03.16 14:13:14 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\SimCity 4.lnk [2013.03.15 21:10:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.16 21:59:26 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] 
(Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.06 19:00:11 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DesktopIconForAmazon
[2013.03.27 18:33:15 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Dropbox
[2013.03.15 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Dylako
[2013.03.27 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\ICQ
[2012.03.11 15:21:55 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Kalypso Media
[2012.03.16 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\OCS
[2013.01.04 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Olipbe
[2012.03.16 21:59:29 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Opera
[2012.11.25 16:11:43 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Tropico 4
[2013.01.04 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Uvugo

========== Purity Check ==========

< End of report >

And the Extras.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 27.03.2013 21:22:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 4,79 Gb Available Physical Memory | 60,04% Memory free
15,94 Gb Paging File | 12,57 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 40,49 Gb Free Space | 40,49% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 339,46 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive E: | 2,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 177,29 Gb Total Space | 176,51 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 195,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B12C1A4-7D89-478C-80AD-BC376D305F4B}" = lport=10243 | protocol=6 | dir=in | app=system | "{2D8EED73-27D7-4473-8508-A66E28691378}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F122A76-BB53-4A08-8BAE-2B1F89A8C5F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2FC0841F-EBA8-4A09-B844-756A9AB505D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3ACE5863-7E27-4BE5-842D-5E44E6050000}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{44ED232B-2A6F-4148-8B0E-C57082974C26}" = rport=137 | protocol=17 | dir=out | app=system | "{4F777C4D-33A8-4465-9389-BA42E75A7759}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{5D7B516F-CF50-4228-A804-EA8086078F08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{670BFC23-0A76-4174-85C1-8497577E3C0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A4D740E-4A9F-4F14-9493-06FF605AB668}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7429B1CB-1EB3-4240-9A0C-8C3164BDB8CC}" = rport=139 | protocol=6 | dir=out | app=system | "{81EC6226-DCF6-42CF-884C-2149068F72C7}" = rport=138 | protocol=17 | dir=out | app=system | "{97D7B51B-8669-4C65-B293-A3D7DA6D1CF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9FA9E3FF-3A9F-4036-987F-1B9ED3E22653}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AE8C73D9-E02E-4E7E-8DD8-C865A7021CB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B79E5133-66C3-43B3-8CDD-1FA7497C568A}" = lport=138 | protocol=17 | dir=in | app=system | "{CA28F387-E7B6-41E0-98FA-295370D27C72}" = lport=2869 | protocol=6 | dir=in | app=system | "{CE67CF32-9C4B-4060-8292-8B415866ADB4}" = lport=137 | protocol=17 | dir=in | app=system | "{D82F49B9-6FCA-4400-AEEB-38B77AF9F533}" = lport=445 | protocol=6 | dir=in | app=system | "{E9A5092C-77AA-4064-8BAA-B2F08024CB77}" = rport=10243 | protocol=6 | dir=out | app=system | "{F281F27E-212D-4B46-962F-7AD655488E03}" = lport=139 | protocol=6 | dir=in | app=system | "{F2CBA2E9-7C2B-4D77-9C42-04DF90EEC5D5}" = rport=445 | protocol=6 | dir=out | app=system | "{F4EADAC2-CCA6-4985-A739-DE3DF5760EDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F5C33322-8F7A-4D59-BB1E-F05BDF172569}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{049BEE0A-5D4B-4DFE-AEB8-B2C2E7BC606D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0980D335-DB20-4160-B4B3-DF4247889239}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{1416DB80-C34F-4976-951E-870656C37036}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1439A8B1-BC56-4284-A7C4-B29447118B3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1509B905-84E8-4387-B2C2-E2E78B7E712A}" = protocol=6 | dir=out | app=system | "{1CF4B469-A92F-4462-8335-346EB4EB407E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{1D5E7BB5-02AA-4227-9288-405D1E490A70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{26B29987-4E1C-4C28-93F3-3B6AA15C2ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2C8025EC-DAA6-42CC-91CA-9BE269A42008}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{2E5846C0-0B04-458B-9D28-78BADA38737E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2F83061C-D98A-44C0-A54C-F22DEF7A187F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{329D1D70-1E44-4CF8-88E4-126AD7598893}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32E75B7E-9D06-4A9D-AC4A-C5697492A0AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{33E2CC50-86C1-4FB8-9B67-D204F3301061}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern 
warfare 3\iw5mp.exe | "{35DFEBE8-22B8-4505-81AE-237FD2864076}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3E0B332D-FE7C-4FBF-BFDC-43CBC183BA38}" = protocol=17 | dir=in | app=d:\icq7m\icq.exe | "{4089A2F8-E3AF-4F40-8F3F-7CC0BB841696}" = protocol=6 | dir=in | app=d:\icq7m\icq.exe | "{4706B015-45F7-4ACE-B4EB-2E253EAD5F7B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{49A416F6-CDC5-40F3-AFF7-D05692A833A9}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{4FD7E8A9-B1BD-48F4-ADA5-C019AE06E52A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{58EB19D5-8391-4BB0-8884-FAC8AAADEAA1}" = protocol=6 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe | "{59B65A99-FE1E-4942-B365-E3182B36BA74}" = protocol=6 | dir=in | app=d:\icq7m\icq.exe | "{5BC83DA0-6024-40A9-9094-DA539635C7A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{618D9FAD-5C3A-43C1-84BF-2C45D2CECE26}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{68F4DE10-B7DC-4213-B9B9-56B2AA12B1BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{691E17C8-1D5D-4304-9C6C-8784D71E36EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7762E9E5-14A8-4063-AF1A-1DF2329D4339}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | "{798FC83A-C8AC-47EB-9D9B-CBB5CDD023A0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{7B520039-2127-42B4-951E-73C854F0DA44}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{8BC07EA6-D399-49BA-8FC6-1CDAF313B351}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9AD307F3-1FD9-4034-84F3-4F3A1A32610F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9BE36D6E-F223-4AAB-AF61-ABC66CD4F25D}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9D67A346-CB29-4A7A-B09B-60D9018B0C68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A58AB83E-C3D3-499B-989E-48F6EC3A9A66}" = dir=in | app=c:\users\marcel\appdata\local\microsoft\skydrive\skydrive.exe | "{C11A7F46-1C46-4500-A35D-FB4744B32484}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C52AF2A8-D6B0-4B77-8AB9-A4BDE664D279}" = protocol=17 | dir=in | app=d:\icq7m\icq.exe | "{C7142AE0-37A3-4DE8-BE76-02309E17393F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CFDB0E7E-9105-44AF-AEED-6DAB07B27325}" = protocol=17 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe | "{E9D87791-4AD1-4206-AAC1-12AD4615427C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EA4FC917-D6F7-4167-BC0D-DC0F55D07F1C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | "{FAC248BF-FAA6-4A78-9EDC-8D9CEC9C6EF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{11586AE9-943D-4AFA-9472-355130D1988B}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "TCP Query User{4B819006-A64B-4737-8DCF-785EDAFF4557}D:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "TCP Query User{6DE0CD46-9115-4C0C-AB64-E6FE91C8A163}D:\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\maple 13\jre\bin\maple.exe | "TCP Query User{78FFBB6E-8826-46B5-9332-5286FEE55643}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{84AA611D-D94D-494F-A795-54FFB5786C25}C:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | 
app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{8B2D3FD3-C6B4-4114-942F-CC241253D06E}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "TCP Query User{BE8EAFA9-866F-475D-A3F5-C65C5161FEB3}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe | "TCP Query User{C9C42BC7-1FF8-48AE-86BB-160E6961D69A}D:\icq7m\icq.exe" = protocol=6 | dir=in | app=d:\icq7m\icq.exe | "TCP Query User{D3EEC0E2-165D-499B-9589-0F4D9FDB5F96}C:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe | "UDP Query User{0480F8C3-EA10-4D8F-A2E2-ECD068E58054}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "UDP Query User{2EE450DE-FF1C-48FC-87EB-22508D8A0359}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "UDP Query User{402DC851-3E59-4300-9ED9-451A245E59CF}C:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{5C7E0EBE-C045-469E-886A-8CB9455E8F7C}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe | "UDP Query User{761C8177-7716-436F-98D4-D9F4960591D4}D:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{802B489B-4C32-4853-8694-398631E4ECC5}C:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe | "UDP Query User{DE823802-8F04-4706-9303-82DBB1E68FA4}C:\program files (x86)\spyware 
terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{E15B8227-FBD5-4341-A716-0F92F3C837A1}D:\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\maple 13\jre\bin\maple.exe | "UDP Query User{E2AA3373-BEE3-498F-9A15-1BFF3961DFDF}D:\icq7m\icq.exe" = protocol=17 | dir=in | app=d:\icq7m\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "SearchAnonymizer" = SearchAnonymizer "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18EFF59E-BB7D-40F9-BE20-6A910BADC2E1}" = Windows Phone "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas 
Electronics USB 3.0 Host Controller Driver "{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms "{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 
de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MySSID_is1" = Vtune 7.21 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Professional 2010 "OpenVPN" = OpenVPN 2.1.1-gui-1.0.3 "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 43110" = Metro 2033 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "SkyDriveSetup.exe" = Microsoft SkyDrive "Tropico 4" = Tropico 4 1.00 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.12.2012 06:45:59 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = Error - 21.12.2012 06:54:33 | Computer Name = Marcel-PC | Source = Windows Backup | ID = 4103 Description = Error - 22.12.2012 07:20:58 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = Error - 23.12.2012 07:47:06 | Computer Name = Marcel-PC | Source = MsiInstaller | ID = 11609 Description = Error - 23.12.2012 07:47:12 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = Error - 23.12.2012 14:00:08 | Computer Name = Marcel-PC | Source = Windows Backup | ID = 4103 Description = Error - 24.12.2012 07:57:16 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = Error - 25.12.2012 07:53:53 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = Error - 26.12.2012 08:26:47 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = Error - 27.12.2012 05:43:46 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 27.03.2013 13:55:13 
| Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CStartParameters::GetCertificateInfo File: .\TLV\startparameters.cpp Line: 1293 Invoked Function: CStartParameters::GetInfoByType Return Code: -32440304 (0xFE110010) Description: TLV_ERROR_NO_ATTRIBUTE Error - 27.03.2013 13:55:13 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108865 Description = Function: CCertificateInfoTlv::Serialize File: .\TLV\CertificateInfoTlv.cpp Line: 569 Data to serialize is empty Error - 27.03.2013 13:55:13 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCertificateInfoTlv::Assign File: .\TLV\CertificateInfoTlv.cpp Line: 87 Invoked Function: CCertificateInfoTlv::Serialize Return Code: -23199733 (0xFE9E000B) Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found Error - 27.03.2013 13:55:13 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CVpnParam::SetCertificateInfo File: .\vpnparam.cpp Line: 1097 Invoked Function: CCertificateInfoTlv::Copy Return Code: -23199733 (0xFE9E000B) Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found Error - 27.03.2013 13:55:20 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108865 Description = Function: CNLMgr::SetNlmCategory File: .\NLMgr.cpp Line: 238 SetCategory return: 0x80070032 Error - 27.03.2013 13:56:18 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CDtlsProtocol::timerCallback File: .\DtlsProtocol.cpp Line: 388 Invoked Function: CDtlsProtocol::retransmit Return Code: -31784946 (0xFE1B000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED Error - 27.03.2013 13:56:18 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCdtpProtocol::OnTunnelInitiateComplete File: .\CdtpProtocol.cpp Line: 539 Invoked Function: OnTunnelInitiateComplete Return Code: -31784946 (0xFE1B000E) Description: 
TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback Error - 27.03.2013 13:56:18 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp Line: 1211 Invoked Function: Initiate tunnel callback status Return Code: -31784946 (0xFE1B000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED DTLS tunnel state 0 Error - 27.03.2013 13:56:18 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTlsTunnelMgr::OnTunnelInitiateComplete File: .\TlsTunnelMgr.cpp Line: 1089 Invoked Function: CTlsTunnelMgr::OnTunnelInitiateComplete Return Code: -31784946 (0xFE1B000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback Error - 27.03.2013 14:06:23 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866 Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp Line: 1032 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. [ System Events ] Error - 07.08.2012 16:28:40 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 08.08.2012 03:28:11 | Computer Name = Marcel-PC | Source = Application Popup | ID = 262200 Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (FFFFFFFFFFFFFFFF00) zurückgegeben. Error - 08.08.2012 03:30:53 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 08.08.2012 03:30:53 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 09.08.2012 06:33:42 | Computer Name = Marcel-PC | Source = Application Popup | ID = 262200 Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (FFFFFFFFFFFFFFFF00) zurückgegeben. Error - 09.08.2012 06:36:15 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 09.08.2012 06:36:15 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 10.08.2012 06:48:04 | Computer Name = Marcel-PC | Source = Application Popup | ID = 262200 Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (FFFFFFFFFFFFFFFF00) zurückgegeben. Error - 10.08.2012 06:50:37 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 10.08.2012 06:50:37 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report >
I hope you can help me. Thanks in advance. Best regards, Marcel
Edited by marcelb (27.03.2013 at 21:52) |
28.03.2013, 16:14 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
__________________
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When does it continue?" messages will result in your topic being closed. I also have a life outside the Trojaner-Board.
Rootkit scan with GMER
Please download GMER: (random file name)
Running into problems?
Afterwards, please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
28.03.2013, 17:14 | #3 |
| Hello,
first of all, thanks for taking care of my problem. Here is the GMER log: GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-28 16:49:14 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\uxliypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778b1465 2 bytes [8B, 77] .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778b14bb 2 bytes [8B, 77] .text ... * 2 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000752e87b1 5 bytes JMP 0000000164c5856d .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075c46143 5 bytes JMP 000000016518fa9a .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076aa3e59 5 bytes JMP 0000000164c897d1 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076aa3eae 5 bytes JMP 0000000164c97641 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076aa4731 5 bytes JMP 0000000164c965d9 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076aa5dee 5 bytes JMP 0000000164cbda4f ? 
C:\Windows\system32\mssprxy.dll [4128] entry point in ".rdata" section 00000000715271e6 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778b1465 2 bytes [8B, 77] .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778b14bb 2 bytes [8B, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4184:4420] 000007fefc0d2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4184:4436] 000007fef295d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4184:4812] 000007fef28f9730 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4184:4816] 000007fef295d618 Thread C:\Windows\System32\svchost.exe [4444:4520] 000007fef65d9688 ---- EOF - GMER 2.1 ----
And here is the MBAR log: HTML-Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.28.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Marcel :: MARCEL-PC [administrator] 28.03.2013 17:09:03 mbar-log-2013-03-28 (17-09-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30608 Time elapsed: 12 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
I just wanted to report that the problem still exists. However, this tab has only opened 2 times so far, and the page is simply gray. Best regards, Marcel |
29.03.2013, 00:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
29.03.2013, 01:57 | #5 |
| Hello, here are the log files:
The aswMBR.txt: HTML-Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-03-29 00:45:32 ----------------------------- 00:45:32.022 OS Version: Windows x64 6.1.7601 Service Pack 1 00:45:32.022 Number of processors: 4 586 0x2A07 00:45:32.022 ComputerName: MARCEL-PC UserName: Marcel 00:45:33.161 Initialize success 00:49:48.691 AVAST engine defs: 13032801 01:14:28.660 The log file has been saved successfully to "C:\Users\Marcel\Downloads\aswMBR.txt" 01:14:39.344 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 01:14:39.344 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 11 01:14:39.344 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 01:14:39.344 Disk 1 Vendor: SAMSUNG_HD403LJ CT100-10 Size: 381554MB BusType: 11 01:14:39.500 Disk 0 MBR read successfully 01:14:39.516 Disk 0 MBR scan 01:14:39.516 Disk 0 Windows 7 default MBR code 01:14:39.516 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048 01:14:39.547 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 374538 MB offset 209717248 01:14:39.578 Disk 0 scanning C:\Windows\system32\drivers 01:14:49.188 Service scanning 01:15:07.175 Modules scanning 01:15:07.175 Disk 0 trace - called modules: 01:15:07.206 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 01:15:07.206 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e0a060] 01:15:07.206 3 CLASSPNP.SYS[fffff8800195b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007b44680] 01:15:08.391 AVAST engine scan C:\Windows 01:15:10.123 AVAST engine scan C:\Windows\system32 01:18:33.840 AVAST engine scan C:\Windows\system32\drivers 01:18:47.334 AVAST engine scan C:\Users\Marcel 01:39:33.034 AVAST engine scan C:\ProgramData 01:40:23.516 Scan finished successfully 01:48:57.179 Disk 0 MBR has been saved 
successfully to "C:\Users\Marcel\Desktop\MBR.dat" 01:48:57.179 The log file has been saved successfully to "C:\Users\Marcel\Desktop\aswMBR1.txt"
And the TDSSKiller log file: HTML-Code:
01:51:21.0177 4536 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 01:51:21.0380 4536 ============================================================ 01:51:21.0380 4536 Current date / time: 2013/03/29 01:51:21.0380 01:51:21.0380 4536 SystemInfo: 01:51:21.0380 4536 01:51:21.0380 4536 OS Version: 6.1.7601 ServicePack: 1.0 01:51:21.0380 4536 Product type: Workstation 01:51:21.0380 4536 ComputerName: MARCEL-PC 01:51:21.0380 4536 UserName: Marcel 01:51:21.0380 4536 Windows directory: C:\Windows 01:51:21.0380 4536 System windows directory: C:\Windows 01:51:21.0380 4536 Running under WOW64 01:51:21.0380 4536 Processor architecture: Intel x64 01:51:21.0380 4536 Number of processors: 4 01:51:21.0380 4536 Page size: 0x1000 01:51:21.0380 4536 Boot type: Normal boot 01:51:21.0380 4536 ============================================================ 01:51:29.0585 4536 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:51:29.0601 4536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:51:29.0617 4536 ============================================================ 01:51:29.0617 4536 \Device\Harddisk1\DR1: 01:51:29.0617 4536 MBR partitions: 01:51:29.0617 4536 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x16295829 01:51:29.0632 4536 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x162958A7, BlocksNum 0x1869E559 01:51:29.0632 4536 \Device\Harddisk0\DR0: 01:51:29.0632 4536 MBR partitions: 01:51:29.0632 4536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000 01:51:29.0632 4536 
\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x2DB85000 01:51:29.0632 4536 ============================================================ 01:51:29.0632 4536 C: <-> \Device\Harddisk0\DR0\Partition1 01:51:29.0679 4536 D: <-> \Device\Harddisk0\DR0\Partition2 01:51:29.0695 4536 F: <-> \Device\Harddisk1\DR1\Partition1 01:51:29.0710 4536 G: <-> \Device\Harddisk1\DR1\Partition2 01:51:29.0710 4536 ============================================================ 01:51:29.0710 4536 Initialize success 01:51:29.0710 4536 ============================================================ 01:51:58.0027 3756 ============================================================ 01:51:58.0027 3756 Scan started 01:51:58.0027 3756 Mode: Manual; SigCheck; TDLFS; 01:51:58.0027 3756 ============================================================ 01:51:58.0729 3756 ================ Scan system memory ======================== 01:51:58.0729 3756 System memory - ok 01:51:58.0729 3756 ================ Scan services ============================= 01:51:58.0885 3756 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 01:51:59.0010 3756 1394ohci - ok 01:51:59.0025 3756 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 01:51:59.0041 3756 ACPI - ok 01:51:59.0056 3756 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 01:51:59.0103 3756 AcpiPmi - ok 01:51:59.0181 3756 [ 5AE65DCD983077278A6173C2872BCA99 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys 01:51:59.0197 3756 acsock - ok 01:51:59.0306 3756 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 01:51:59.0322 3756 AdobeARMservice - ok 01:51:59.0431 3756 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 01:51:59.0446 3756 AdobeFlashPlayerUpdateSvc - ok 01:51:59.0462 3756 [ 
2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 01:51:59.0478 3756 adp94xx - ok 01:51:59.0493 3756 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 01:51:59.0509 3756 adpahci - ok 01:51:59.0524 3756 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 01:51:59.0540 3756 adpu320 - ok 01:51:59.0571 3756 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 01:51:59.0727 3756 AeLookupSvc - ok 01:51:59.0790 3756 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 01:51:59.0852 3756 AFD - ok 01:51:59.0868 3756 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 01:51:59.0883 3756 agp440 - ok 01:51:59.0883 3756 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 01:51:59.0930 3756 ALG - ok 01:51:59.0946 3756 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 01:51:59.0961 3756 aliide - ok 01:51:59.0977 3756 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 01:51:59.0992 3756 amdide - ok 01:52:00.0008 3756 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 01:52:00.0039 3756 AmdK8 - ok 01:52:00.0070 3756 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 01:52:00.0102 3756 AmdPPM - ok 01:52:00.0117 3756 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 01:52:00.0133 3756 amdsata - ok 01:52:00.0148 3756 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 01:52:00.0164 3756 amdsbs - ok 01:52:00.0195 3756 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 01:52:00.0195 3756 amdxata - ok 01:52:00.0258 3756 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 01:52:00.0273 3756 
AntiVirSchedulerService - ok 01:52:00.0320 3756 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 01:52:00.0336 3756 AntiVirService - ok 01:52:00.0351 3756 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 01:52:00.0523 3756 AppID - ok 01:52:00.0538 3756 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 01:52:00.0601 3756 AppIDSvc - ok 01:52:00.0632 3756 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 01:52:00.0694 3756 Appinfo - ok 01:52:00.0710 3756 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 01:52:00.0726 3756 arc - ok 01:52:00.0741 3756 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 01:52:00.0741 3756 arcsas - ok 01:52:00.0882 3756 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 01:52:00.0897 3756 aspnet_state - ok 01:52:00.0928 3756 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 01:52:00.0975 3756 AsyncMac - ok 01:52:00.0991 3756 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 01:52:01.0006 3756 atapi - ok 01:52:01.0038 3756 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 01:52:01.0178 3756 AudioEndpointBuilder - ok 01:52:01.0225 3756 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 01:52:01.0272 3756 AudioSrv - ok 01:52:01.0287 3756 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 01:52:01.0287 3756 avgntflt - ok 01:52:01.0334 3756 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 01:52:01.0334 3756 avipbb - ok 01:52:01.0350 3756 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 01:52:01.0365 3756 avkmgr - ok 01:52:01.0396 3756 [ 
C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe 01:52:01.0443 3756 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning 01:52:01.0443 3756 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1) 01:52:01.0474 3756 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys 01:52:01.0490 3756 avmeject - ok 01:52:01.0521 3756 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 01:52:01.0615 3756 AxInstSV - ok 01:52:01.0646 3756 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 01:52:01.0708 3756 b06bdrv - ok 01:52:01.0740 3756 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 01:52:01.0786 3756 b57nd60a - ok 01:52:01.0833 3756 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 01:52:01.0896 3756 BDESVC - ok 01:52:01.0927 3756 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 01:52:01.0989 3756 Beep - ok 01:52:02.0036 3756 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 01:52:02.0098 3756 BFE - ok 01:52:02.0145 3756 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 01:52:02.0208 3756 BITS - ok 01:52:02.0239 3756 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 01:52:02.0254 3756 blbdrive - ok 01:52:02.0270 3756 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 01:52:02.0286 3756 bowser - ok 01:52:02.0301 3756 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 01:52:02.0317 3756 BrFiltLo - ok 01:52:02.0332 3756 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 01:52:02.0364 3756 BrFiltUp - ok 01:52:02.0379 3756 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 01:52:02.0410 3756 Browser 
- ok 01:52:02.0426 3756 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 01:52:02.0473 3756 Brserid - ok 01:52:02.0473 3756 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 01:52:02.0504 3756 BrSerWdm - ok 01:52:02.0520 3756 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 01:52:02.0535 3756 BrUsbMdm - ok 01:52:02.0551 3756 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 01:52:02.0551 3756 BrUsbSer - ok 01:52:02.0566 3756 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 01:52:02.0582 3756 BTHMODEM - ok 01:52:02.0644 3756 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 01:52:02.0676 3756 bthserv - ok 01:52:02.0707 3756 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 01:52:02.0754 3756 cdfs - ok 01:52:02.0785 3756 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 01:52:02.0800 3756 cdrom - ok 01:52:02.0832 3756 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 01:52:02.0847 3756 CertPropSvc - ok 01:52:02.0878 3756 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 01:52:02.0878 3756 circlass - ok 01:52:02.0941 3756 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 01:52:02.0956 3756 CLFS - ok 01:52:03.0003 3756 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 01:52:03.0019 3756 clr_optimization_v2.0.50727_32 - ok 01:52:03.0081 3756 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 01:52:03.0097 3756 clr_optimization_v2.0.50727_64 - ok 01:52:03.0175 3756 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 01:52:03.0190 3756 clr_optimization_v4.0.30319_32 - ok 01:52:03.0206 3756 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 01:52:03.0206 3756 clr_optimization_v4.0.30319_64 - ok 01:52:03.0237 3756 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 01:52:03.0253 3756 CmBatt - ok 01:52:03.0284 3756 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 01:52:03.0300 3756 cmdide - ok 01:52:03.0331 3756 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 01:52:03.0362 3756 CNG - ok 01:52:03.0362 3756 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 01:52:03.0378 3756 Compbatt - ok 01:52:03.0409 3756 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 01:52:03.0456 3756 CompositeBus - ok 01:52:03.0471 3756 COMSysApp - ok 01:52:03.0502 3756 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 01:52:03.0502 3756 crcdisk - ok 01:52:03.0565 3756 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 01:52:03.0627 3756 CryptSvc - ok 01:52:03.0674 3756 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 01:52:03.0721 3756 DcomLaunch - ok 01:52:03.0783 3756 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 01:52:03.0830 3756 defragsvc - ok 01:52:03.0846 3756 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 01:52:03.0892 3756 DfsC - ok 01:52:03.0939 3756 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 01:52:04.0002 3756 Dhcp - ok 01:52:04.0002 3756 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 01:52:04.0048 3756 discache - ok 01:52:04.0080 3756 [ 
01:52:17.0121 3756 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Marcel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
01:52:17.0152 3756 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
01:52:17.0152 3756 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
3756 WfpLwf - ok 01:52:23.0455 3756 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:52:23.0455 3756 WIMMount - ok 01:52:23.0470 3756 WinDefend - ok 01:52:23.0470 3756 WinHttpAutoProxySvc - ok 01:52:23.0517 3756 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:52:23.0564 3756 Winmgmt - ok 01:52:23.0611 3756 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 01:52:23.0704 3756 WinRM - ok 01:52:23.0751 3756 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 01:52:23.0782 3756 WinUsb - ok 01:52:23.0798 3756 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 01:52:23.0860 3756 Wlansvc - ok 01:52:23.0954 3756 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 01:52:24.0016 3756 wlidsvc - ok 01:52:24.0063 3756 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 01:52:24.0094 3756 WmiAcpi - ok 01:52:24.0126 3756 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:52:24.0157 3756 wmiApSrv - ok 01:52:24.0188 3756 WMPNetworkSvc - ok 01:52:24.0204 3756 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:52:24.0250 3756 WPCSvc - ok 01:52:24.0266 3756 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:52:24.0297 3756 WPDBusEnum - ok 01:52:24.0328 3756 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:52:24.0375 3756 ws2ifsl - ok 01:52:24.0391 3756 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 01:52:24.0422 3756 wscsvc - ok 01:52:24.0422 3756 WSearch - ok 01:52:24.0500 3756 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 01:52:24.0594 3756 wuauserv - ok 01:52:24.0625 3756 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf 
C:\Windows\system32\drivers\WudfPf.sys 01:52:24.0640 3756 WudfPf - ok 01:52:24.0687 3756 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:52:24.0703 3756 WUDFRd - ok 01:52:24.0734 3756 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:52:24.0765 3756 wudfsvc - ok 01:52:24.0796 3756 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 01:52:24.0828 3756 WwanSvc - ok 01:52:24.0859 3756 ================ Scan global =============================== 01:52:24.0874 3756 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 01:52:24.0921 3756 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:52:24.0937 3756 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:52:24.0968 3756 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 01:52:24.0999 3756 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 01:52:25.0015 3756 [Global] - ok 01:52:25.0015 3756 ================ Scan MBR ================================== 01:52:25.0015 3756 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1 01:52:25.0093 3756 \Device\Harddisk1\DR1 - ok 01:52:25.0108 3756 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:52:25.0389 3756 \Device\Harddisk0\DR0 - ok 01:52:25.0389 3756 ================ Scan VBR ================================== 01:52:25.0389 3756 [ 33E794CCEBE2B9A933396D94DDE92D21 ] \Device\Harddisk1\DR1\Partition1 01:52:25.0389 3756 \Device\Harddisk1\DR1\Partition1 - ok 01:52:25.0389 3756 [ AAA50EBDD4EA5E8A236A13428B887777 ] \Device\Harddisk1\DR1\Partition2 01:52:25.0389 3756 \Device\Harddisk1\DR1\Partition2 - ok 01:52:25.0389 3756 [ E60671AE55194C4C3F83B6B9FF6C5ADE ] \Device\Harddisk0\DR0\Partition1 01:52:25.0389 3756 \Device\Harddisk0\DR0\Partition1 - ok 01:52:25.0420 3756 [ D68C60D1D3263A3474B1F6F791D6A857 ] \Device\Harddisk0\DR0\Partition2 01:52:25.0420 3756 \Device\Harddisk0\DR0\Partition2 - 
ok 01:52:25.0420 3756 ============================================================ 01:52:25.0420 3756 Scan finished 01:52:25.0420 3756 ============================================================ 01:52:25.0436 5564 Detected object count: 2 01:52:25.0436 5564 Actual detected object count: 2 01:53:32.0173 5564 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 01:53:32.0173 5564 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:53:32.0173 5564 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 01:53:32.0173 5564 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:54:58.0576 4612 Deinitialize success |
29.03.2013, 02:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, please run a check with OTL:
29.03.2013, 12:43 | #7 |
Hello, everything worked without any problems. Here are the log files:
JRT.txt:
HTML-Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Marcel on 29.03.2013 at 12:15:54,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\minidumps [68 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2013 at 12:19:50,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.115 - Datei am 29/03/2013 um 12:25:45 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Marcel - MARCEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marcel\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : SearchAnonymizer
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\1kpvpsne.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1052 octets] - [29/03/2013 12:25:45]
########## EOF - C:\AdwCleaner[S1].txt - [1112 octets] ##########
And the OTL log files:
OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 29.03.2013 12:31:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,04% Memory free
15,94 Gb Paging File | 14,36 Gb Available in Paging File | 90,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 38,67 Gb Free Space | 38,67% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 339,46 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive E: | 2,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 177,29 Gb Total Space | 176,51 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 195,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Marcel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\ICQ7M\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe () MOD - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe () MOD - C:\Program Files (x86)\Vtune\TBManage.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) 
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D F6 F0 7B 
7C 29 CE 01 [binary data] IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{15DDC04D-6FFD-4BA3-A653-94E19713A8DD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{5B272025-5BED-44BF-A575-12D5C89AF4B2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{6820A245-544D-4A3A-BE48-18C53D7C4B21}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{C4039295-C47C-4CC0-B8C7-2D2F07429751}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{CECB20D3-620B-4F93-98C7-8EA462C76547}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{F196558C-D112-4C55-A97D-AFBC0F31815F}: "URL" = 
hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.facebook.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 00:52:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 00:52:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 18:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions [2012.10.26 12:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\1kpvpsne.default\extensions [2012.10.07 13:39:54 | 000,002,101 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\searchplugins\googlede.xml [2012.05.05 23:26:12 | 000,001,088 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\searchplugins\{586F9D64-FAB6-4373-8E7D-1A00773DA688}.xml [2013.03.12 00:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.12 00:51:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.12 00:52:01 | 000,263,064 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.11 20:10:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.11 20:10:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.11 20:10:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.11 20:10:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.11 20:10:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.11 20:10:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Marcel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [ICQ] D:\ICQ7M\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [SkyDrive] C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft 
Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7110CB85-BFA3-4C56-ACB6-0F2D9FC8ACC3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9915087E-A623-4958-88BB-AED5AF7FC7C4}: DhcpNameServer = 131.246.9.116 131.246.1.116 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2a6a56e5-3e0b-11e1-9dd3-83e236c3ac73}\Shell - "" = AutoRun O33 - MountPoints2\{2a6a56e5-3e0b-11e1-9dd3-83e236c3ac73}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{3f93b570-3e0c-11e1-b062-f57b2ab9d019}\Shell - "" = AutoRun O33 - MountPoints2\{3f93b570-3e0c-11e1-b062-f57b2ab9d019}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.29 12:15:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.29 12:15:45 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.29 12:14:54 | 
000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Marcel\Desktop\JRT.exe [2013.03.29 01:50:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marcel\Desktop\tdsskiller.exe [2013.03.29 00:43:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe [2013.03.28 16:54:49 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Desktop\mbar-1.01.0.1021 [2013.03.27 21:21:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2013.03.27 19:11:23 | 000,000,000 | R--D | C] -- C:\Users\Marcel\SkyDrive [2013.03.27 00:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone [2013.03.27 00:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone [2013.03.27 00:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications [2013.03.26 21:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.03.26 03:10:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.24 18:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.24 18:42:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.24 18:42:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.24 18:42:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.24 18:42:19 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.24 18:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.17 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battle Realms [2013.03.16 14:13:24 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\SimCity 4 [2013.03.16 14:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis [2013.03.16 14:07:15 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\Maxis [2013.03.16 01:27:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.16 01:27:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.16 01:27:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.16 01:27:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.16 01:27:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.16 01:27:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.16 01:27:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.16 01:27:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.16 01:27:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.16 01:27:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.16 01:27:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.16 01:27:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.16 01:27:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.16 01:27:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.16 01:27:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.16 01:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.16 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.16 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.15 21:11:02 | 000,000,000 | ---D | C] -- 
C:\Users\Marcel\AppData\Local\Programs [2013.03.15 21:10:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.15 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.12 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.03.29 12:27:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.29 12:26:55 | 2123,976,703 | -HS- | M] () -- C:\hiberfil.sys [2013.03.29 12:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.29 12:22:12 | 000,609,993 | ---- | M] () -- C:\Users\Marcel\Desktop\adwcleaner.exe [2013.03.29 12:14:57 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Marcel\Desktop\JRT.exe [2013.03.29 12:10:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 12:10:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 01:50:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marcel\Desktop\tdsskiller.exe [2013.03.29 01:48:57 | 000,000,512 | ---- | M] () -- C:\Users\Marcel\Desktop\MBR.dat [2013.03.29 00:45:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe [2013.03.28 16:53:58 | 013,786,977 | ---- | M] () -- C:\Users\Marcel\Desktop\mbar-1.01.0.1021.zip [2013.03.28 16:35:11 | 000,377,856 | ---- | M] () -- C:\Users\Marcel\Desktop\gmer_2.1.19155.exe [2013.03.28 02:42:02 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.28 02:42:02 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.28 02:42:02 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.28 02:42:02 | 000,148,144 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2013.03.28 02:42:02 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.28 02:41:54 | 001,590,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.27 21:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2013.03.27 18:57:36 | 000,002,026 | ---- | M] () -- C:\Users\Marcel\Desktop\Windows Phone.lnk [2013.03.26 23:43:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.26 13:05:21 | 313,835,000 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.24 18:42:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.24 18:42:15 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.24 18:42:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.24 18:42:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.24 18:42:15 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.18 16:04:38 | 000,003,059 | ---- | M] () -- C:\Users\Marcel\Desktop\Battle Realms.lnk [2013.03.16 14:13:14 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\SimCity 4.lnk [2013.03.15 22:23:14 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.15 22:23:14 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.15 21:11:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 21:01:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll ========== Files Created - No Company Name ========== [2013.03.29 12:22:08 | 000,609,993 | ---- | C] () -- C:\Users\Marcel\Desktop\adwcleaner.exe [2013.03.29 01:48:57 | 000,000,512 | ---- | C] () -- 
C:\Users\Marcel\Desktop\MBR.dat [2013.03.28 16:53:48 | 013,786,977 | ---- | C] () -- C:\Users\Marcel\Desktop\mbar-1.01.0.1021.zip [2013.03.28 16:35:09 | 000,377,856 | ---- | C] () -- C:\Users\Marcel\Desktop\gmer_2.1.19155.exe [2013.03.27 19:11:23 | 000,002,184 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2013.03.27 18:57:36 | 000,002,026 | ---- | C] () -- C:\Users\Marcel\Desktop\Windows Phone.lnk [2013.03.27 00:38:37 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.26 23:43:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.18 16:04:38 | 000,003,059 | ---- | C] () -- C:\Users\Marcel\Desktop\Battle Realms.lnk [2013.03.16 14:13:14 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\SimCity 4.lnk [2013.03.15 21:10:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.16 21:59:26 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll 
-- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 29.03.2013 12:31:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,04% Memory free
15,94 Gb Paging File | 14,36 Gb Available in Paging File | 90,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 38,67 Gb Free Space | 38,67% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 339,46 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive E: | 2,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 177,29 Gb Total Space | 176,51 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 195,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B12C1A4-7D89-478C-80AD-BC376D305F4B}" = lport=10243 | protocol=6 | dir=in | app=system | "{2D8EED73-27D7-4473-8508-A66E28691378}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F122A76-BB53-4A08-8BAE-2B1F89A8C5F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2FC0841F-EBA8-4A09-B844-756A9AB505D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3ACE5863-7E27-4BE5-842D-5E44E6050000}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{44ED232B-2A6F-4148-8B0E-C57082974C26}" = rport=137 | protocol=17 | dir=out | app=system | "{4F777C4D-33A8-4465-9389-BA42E75A7759}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{5D7B516F-CF50-4228-A804-EA8086078F08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{670BFC23-0A76-4174-85C1-8497577E3C0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A4D740E-4A9F-4F14-9493-06FF605AB668}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7429B1CB-1EB3-4240-9A0C-8C3164BDB8CC}" = rport=139 | protocol=6 | dir=out | app=system | "{81EC6226-DCF6-42CF-884C-2149068F72C7}" = rport=138 | protocol=17 | dir=out | app=system | "{97D7B51B-8669-4C65-B293-A3D7DA6D1CF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9FA9E3FF-3A9F-4036-987F-1B9ED3E22653}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AE8C73D9-E02E-4E7E-8DD8-C865A7021CB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B79E5133-66C3-43B3-8CDD-1FA7497C568A}" = lport=138 | protocol=17 | dir=in | app=system | "{CA28F387-E7B6-41E0-98FA-295370D27C72}" = lport=2869 | protocol=6 | dir=in | app=system | "{CE67CF32-9C4B-4060-8292-8B415866ADB4}" = lport=137 | protocol=17 | dir=in | app=system | "{D82F49B9-6FCA-4400-AEEB-38B77AF9F533}" = lport=445 | protocol=6 | dir=in | app=system | "{E9A5092C-77AA-4064-8BAA-B2F08024CB77}" = rport=10243 | protocol=6 | dir=out | app=system | "{F281F27E-212D-4B46-962F-7AD655488E03}" = lport=139 | protocol=6 | dir=in | app=system | "{F2CBA2E9-7C2B-4D77-9C42-04DF90EEC5D5}" = rport=445 | protocol=6 | dir=out | app=system | "{F4EADAC2-CCA6-4985-A739-DE3DF5760EDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F5C33322-8F7A-4D59-BB1E-F05BDF172569}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{049BEE0A-5D4B-4DFE-AEB8-B2C2E7BC606D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0980D335-DB20-4160-B4B3-DF4247889239}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{1416DB80-C34F-4976-951E-870656C37036}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1439A8B1-BC56-4284-A7C4-B29447118B3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1509B905-84E8-4387-B2C2-E2E78B7E712A}" = protocol=6 | dir=out | app=system | "{1CF4B469-A92F-4462-8335-346EB4EB407E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{1D5E7BB5-02AA-4227-9288-405D1E490A70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{26B29987-4E1C-4C28-93F3-3B6AA15C2ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2C8025EC-DAA6-42CC-91CA-9BE269A42008}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{2E5846C0-0B04-458B-9D28-78BADA38737E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2F83061C-D98A-44C0-A54C-F22DEF7A187F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{329D1D70-1E44-4CF8-88E4-126AD7598893}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32E75B7E-9D06-4A9D-AC4A-C5697492A0AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{33E2CC50-86C1-4FB8-9B67-D204F3301061}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern 
warfare 3\iw5mp.exe | "{35DFEBE8-22B8-4505-81AE-237FD2864076}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3E0B332D-FE7C-4FBF-BFDC-43CBC183BA38}" = protocol=17 | dir=in | app=d:\icq7m\icq.exe | "{4089A2F8-E3AF-4F40-8F3F-7CC0BB841696}" = protocol=6 | dir=in | app=d:\icq7m\icq.exe | "{4706B015-45F7-4ACE-B4EB-2E253EAD5F7B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{49A416F6-CDC5-40F3-AFF7-D05692A833A9}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{4FD7E8A9-B1BD-48F4-ADA5-C019AE06E52A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{58EB19D5-8391-4BB0-8884-FAC8AAADEAA1}" = protocol=6 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe | "{59B65A99-FE1E-4942-B365-E3182B36BA74}" = protocol=6 | dir=in | app=d:\icq7m\icq.exe | "{5BC83DA0-6024-40A9-9094-DA539635C7A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{618D9FAD-5C3A-43C1-84BF-2C45D2CECE26}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{68F4DE10-B7DC-4213-B9B9-56B2AA12B1BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{691E17C8-1D5D-4304-9C6C-8784D71E36EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7762E9E5-14A8-4063-AF1A-1DF2329D4339}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | "{798FC83A-C8AC-47EB-9D9B-CBB5CDD023A0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{7B520039-2127-42B4-951E-73C854F0DA44}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{8BC07EA6-D399-49BA-8FC6-1CDAF313B351}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9AD307F3-1FD9-4034-84F3-4F3A1A32610F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9BE36D6E-F223-4AAB-AF61-ABC66CD4F25D}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9D67A346-CB29-4A7A-B09B-60D9018B0C68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A58AB83E-C3D3-499B-989E-48F6EC3A9A66}" = dir=in | app=c:\users\marcel\appdata\local\microsoft\skydrive\skydrive.exe | "{C11A7F46-1C46-4500-A35D-FB4744B32484}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C52AF2A8-D6B0-4B77-8AB9-A4BDE664D279}" = protocol=17 | dir=in | app=d:\icq7m\icq.exe | "{C7142AE0-37A3-4DE8-BE76-02309E17393F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CFDB0E7E-9105-44AF-AEED-6DAB07B27325}" = protocol=17 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe | "{E9D87791-4AD1-4206-AAC1-12AD4615427C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EA4FC917-D6F7-4167-BC0D-DC0F55D07F1C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | "{FAC248BF-FAA6-4A78-9EDC-8D9CEC9C6EF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{11586AE9-943D-4AFA-9472-355130D1988B}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "TCP Query User{4B819006-A64B-4737-8DCF-785EDAFF4557}D:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "TCP Query User{6DE0CD46-9115-4C0C-AB64-E6FE91C8A163}D:\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\maple 13\jre\bin\maple.exe | "TCP Query User{78FFBB6E-8826-46B5-9332-5286FEE55643}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{84AA611D-D94D-494F-A795-54FFB5786C25}C:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | 
30.03.2013, 01:05 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done.
As a check, please run a quick scan with Malwarebytes. Before you do, please remember to update Malwarebytes via the update button.
Getting an additional opinion afterwards from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
30.03.2013, 15:09 | #9 |
| Hello, I did everything as requested. The Malwarebytes quick scan found nothing.
HTML code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.30.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]
30.03.2013 13:54:36
mbam-log-2013-03-30 (13-54-36).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244312
Laufzeit: 4 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
And ESET found 3 things.
HTML code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02b7e483c3a88e438be615d6ae91c39a
# engine=13131
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-30 02:02:47
# local_time=2013-03-30 03:02:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 68972 230075457 61761 0
# compatibility_mode=5893 16776573 100 94 95793 116282017 0 0
# scanned=99740
# found=3
# cleaned=0
# scan_time=2903
sh=D1ECAF9ADED9D9EC6F54BFED1EA87A812AD5B6DF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.AH trojan" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\jar_cache735929328256073457.tmp"
sh=91ADE9C9D68F0B066A6A2FB54A13165DC5C672B7 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NBH trojan" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\jar_cache7795119890314936229.tmp"
sh=CCEE04832AB5D3DDDD2FEF4B218A39446FA63D2B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NBH trojan" ac=I fn="C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\19685b89-7356a795"
Many thanks in advance |
30.03.2013, 16:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Only leftovers in Temp. Please run TFC.
TFC - Temp File Cleaner
Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.
__________________ Please always post log files in CODE tags |
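The location check behind "only leftovers in Temp", applied to the three ESET detection records pasted in post #9. This is an added example, not part of the thread and not ESET tooling; the record pattern is inferred from the log as pasted, and the function names, location labels and the rule that only Temp and the Java deployment cache count as cache locations are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the ESET Online Scanner log from post #9, kept flattened onto
# one line the way the forum rendered it.
PASTED_LOG = (
    r'# scanned=99740 # found=3 # cleaned=0 # scan_time=2903 '
    r'sh=D1ECAF9ADED9D9EC6F54BFED1EA87A812AD5B6DF ft=0 fh=0000000000000000 '
    r'vn="a variant of Java/Exploit.CVE-2012-0507.AH trojan" ac=I '
    r'fn="C:\Users\Marcel\AppData\Local\Temp\jar_cache735929328256073457.tmp" '
    r'sh=91ADE9C9D68F0B066A6A2FB54A13165DC5C672B7 ft=0 fh=0000000000000000 '
    r'vn="Java/Exploit.Agent.NBH trojan" ac=I '
    r'fn="C:\Users\Marcel\AppData\Local\Temp\jar_cache7795119890314936229.tmp" '
    r'sh=CCEE04832AB5D3DDDD2FEF4B218A39446FA63D2B ft=0 fh=0000000000000000 '
    r'vn="Java/Exploit.Agent.NBH trojan" ac=I '
    r'fn="C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\19685b89-7356a795"'
)

# One detection record: SHA-1, detection name, action flag, file path.
RECORD = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=\d+\s+fh=[0-9A-Fa-f]+\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\w+)\s+fn="(?P<path>[^"]*)"'
)
COUNTER = re.compile(r'#\s*(scanned|found|cleaned)=(\d+)')
CVE = re.compile(r'CVE-\d{4}-\d{4,}')

# Assumption of this example: a hit under one of these per-user directories is
# a cached or temporary file. Any other location is flagged for manual review.
CACHE_LOCATIONS = {
    "temp": ("appdata", "local", "temp"),
    "java-cache": ("appdata", "locallow", "sun", "java", "deployment", "cache"),
}


def classify(path):
    """Return the cache label for a Windows path, or 'review' if none fits."""
    parts = tuple(p.lower() for p in PureWindowsPath(path).parts)
    for label, needle in CACHE_LOCATIONS.items():
        n = len(needle)
        # Compare whole path components so "Local" never matches "LocalLow".
        if any(parts[i:i + n] == needle for i in range(len(parts) - n + 1)):
            return label
    return "review"


def triage(log_text):
    """Parse detection records and cross-check them against the log counters."""
    counters = {key: int(value) for key, value in COUNTER.findall(log_text)}
    findings = []
    for m in RECORD.finditer(log_text):
        findings.append({
            "sha1": m["sha1"].upper(),
            "name": m["name"],
            "cves": CVE.findall(m["name"]),
            "location": classify(m["path"]),
            "path": m["path"],
        })
    return {
        "findings": findings,
        # False when the paste was truncated or a record failed to parse.
        "complete": counters.get("found") == len(findings),
        # Detections the scanner reported but did not remove itself.
        "not_cleaned": counters.get("found", 0) - counters.get("cleaned", 0),
        "needs_review": [f["path"] for f in findings if f["location"] == "review"],
    }


if __name__ == "__main__":
    result = triage(PASTED_LOG)
    for f in result["findings"]:
        print(f'{f["location"]:<11} {f["name"]}  {", ".join(f["cves"])}')
    print("complete:", result["complete"], "| not cleaned:", result["not_cleaned"])
```

An empty `needs_review` list says only that every detection sits in a cache directory; `not_cleaned` stays at 3 because the scan ran with `remove_checked=false`, which is why a separate clean-up step follows in the thread.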
30.03.2013, 16:32 | #11 |
| I ran TFC and the PC restarted. Do I need to do anything else now, or is the PC clean again? Thank you very much for your great help! |
30.03.2013, 17:21 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK so far.
Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.
Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
30.03.2013, 17:51 | #13 |
| OK, I'll take a look at that. My system is running perfectly again. Thank you very much for your help. The Trojaner-Board is absolutely top-notch. Best regards, Marcel |
30.03.2013, 18:18 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then we are done!
The programs that were used here can all be removed again.
Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.
With the help of OTL you can also remove many other tools: simply start OTL and click "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide to that is below.
To keep a better overview of how up to date the installed programs are in future, you can use Secunia PSI, for example. For even more security, you should also change all passwords if possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update
Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program. (If you have Adobe Reader installed.)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
While you are at it, please also check that Flash Player is up to date: Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de
You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
04.04.2013, 18:14 | #15 |
| Hello, unfortunately I have to write again, because this link opens again every 2-3 days. The link also opens when I only have one tab open with, for example, Facebook. It doesn't really bother me, since the link only shows a grey page. But because I also do online banking on this PC, I am somewhat unsettled. Malwarebytes did not find anything either.
HTML code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.30.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]
02.04.2013 21:40:51
mbam-log-2013-04-02 (21-40-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382648
Laufzeit: 51 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Best regards, Marcel |