Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Missing characters when typing on the Internet (Firefox; Google Chrome), Windows 7
27.04.2013, 14:36 | #1
For some time now I have been unable to type properly on the Internet. When typing normally, characters are repeatedly left out. The problem occurs in chats, in online games (Siedleronline), but also in the address bar or the search field of the Google start page. In e-mail programs or Word everything is completely normal. This text could also be written without any problems.
Edited by robertjana (27.04.2013 at 14:53). Reason: log files added
27.04.2013, 18:03 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
Or is this by any chance an office/company PC or a university computer?
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; for now, just post the logs you already have!
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
27.04.2013, 19:18 | #3
These are the latest detections from Avira Antivir. A normal export did not work, because no window opened in which the save location could be specified.
Code:
Die Datei 'C:\Users\Robert\Documents\Cameyo Apps\CCleaner.cameyo.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdv.899494' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57693591.qua' verschoben!

Die Datei 'C:\Users\Robert\Documents\Cameyo Apps\CCleaner Pro Free.cameyo.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.953309' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ffe1a36.qua' verschoben!

In der Datei 'C:\Users\remote\AppData\Local\Temp\A9267C35\YontooSetup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Beim Zugriff auf Daten der URL "hxxp://dl.yontoo.com/Install/6/yontoosetup.exe" wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

In der Datei 'C:\Users\remote\AppData\Local\Temp\A9267C35\YontooSetup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Quote:
Code:
Why do you have a Professional edition of Windows; do you need that as a home user? Or is this by any chance an office/company PC or a university computer?
Quote:
Quote:
28.04.2013, 17:58 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please post in this thread => Erinnerung an meinem Thread (reminder about my thread). Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.

__________________
Please always post log files in CODE tags
28.04.2013, 21:45 | #5
Hello cosinus. Your guides are really great! Here are my logs:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.28.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
remote :: MULTIMEDIAPC [administrator]

28.04.2013 21:43:08
mbar-log-2013-04-28 (21-43-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32091
Time elapsed: 20 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\cmdow.exe (PUP.Tool) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.28.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
remote :: MULTIMEDIAPC [administrator]

28.04.2013 22:33:31
mbar-log-2013-04-28 (22-33-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32061
Time elapsed: 20 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-28 22:38:40
-----------------------------
22:38:40.804 OS Version: Windows 6.1.7601 Service Pack 1
22:38:40.804 Number of processors: 2 586 0x402
22:38:40.804 ComputerName: MULTIMEDIAPC UserName: remote
22:38:42.224 Initialize success
22:39:31.787 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:39:31.787 Disk 0 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
22:39:31.802 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-4
22:39:31.802 Disk 1 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3
22:39:31.896 Disk 0 MBR read successfully
22:39:31.911 Disk 0 MBR scan
22:39:31.911 Disk 0 Windows 7 default MBR code
22:39:31.927 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:39:31.943 Disk 0 Partition - 00 0F Extended LBA 79893 MB offset 208845
22:39:31.958 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 350000 MB offset 163840000
22:39:32.005 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 46939 MB offset 880640000
22:39:32.036 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 79893 MB offset 208908
22:39:32.052 Disk 0 scanning sectors +976771072
22:39:32.130 Disk 0 scanning C:\Windows\system32\drivers
22:39:41.240 Service scanning
22:40:00.163 Modules scanning
22:40:07.121 Disk 0 trace - called modules:
22:40:07.152 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:40:07.152 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4a030]
22:40:07.152 3 CLASSPNP.SYS[8c97959e] -> nt!IofCallDriver -> [0x86b2f400]
22:40:07.167 5 ACPI.sys[8c03d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86b1f908]
22:40:07.167 Scan finished successfully
22:40:18.009 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\Trojanerboard\MBR.dat"
22:40:18.009 The log file has been saved successfully to "C:\Users\Robert\Desktop\Trojanerboard\aswMBR.txt"
C:\Windows\system32\mmcss.dll 22:43:29.0762 2908 MMCSS - ok 22:43:29.0777 2908 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 22:43:29.0809 2908 Modem - ok 22:43:29.0824 2908 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:43:29.0855 2908 monitor - ok 22:43:29.0933 2908 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:43:29.0965 2908 mouclass - ok 22:43:29.0980 2908 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:43:29.0996 2908 mouhid - ok 22:43:30.0074 2908 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:43:30.0105 2908 mountmgr - ok 22:43:30.0199 2908 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 22:43:30.0230 2908 MozillaMaintenance - ok 22:43:30.0308 2908 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 22:43:30.0386 2908 mpio - ok 22:43:30.0433 2908 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:43:30.0573 2908 mpsdrv - ok 22:43:30.0635 2908 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:43:30.0698 2908 MpsSvc - ok 22:43:30.0760 2908 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:43:30.0807 2908 MRxDAV - ok 22:43:30.0885 2908 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:43:30.0947 2908 mrxsmb - ok 22:43:30.0994 2908 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:43:31.0041 2908 mrxsmb10 - ok 22:43:31.0057 2908 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:43:31.0103 2908 mrxsmb20 - ok 22:43:31.0119 2908 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 22:43:31.0135 2908 msahci - ok 22:43:31.0150 
2908 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:43:31.0166 2908 msdsm - ok 22:43:31.0181 2908 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 22:43:31.0213 2908 MSDTC - ok 22:43:31.0259 2908 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:43:31.0275 2908 Msfs - ok 22:43:31.0291 2908 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:43:31.0322 2908 mshidkmdf - ok 22:43:31.0353 2908 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:43:31.0369 2908 msisadrv - ok 22:43:31.0447 2908 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:43:31.0509 2908 MSiSCSI - ok 22:43:31.0509 2908 msiserver - ok 22:43:31.0540 2908 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:43:31.0571 2908 MSKSSRV - ok 22:43:31.0587 2908 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:43:31.0603 2908 MSPCLOCK - ok 22:43:31.0618 2908 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:43:31.0649 2908 MSPQM - ok 22:43:31.0665 2908 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:43:31.0681 2908 MsRPC - ok 22:43:31.0681 2908 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:43:31.0696 2908 mssmbios - ok 22:43:31.0712 2908 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:43:31.0727 2908 MSTEE - ok 22:43:31.0743 2908 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:43:31.0743 2908 MTConfig - ok 22:43:31.0774 2908 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 22:43:31.0805 2908 MTsensor - ok 22:43:31.0821 2908 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 22:43:31.0821 
2908 Mup - ok 22:43:31.0930 2908 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 22:43:32.0008 2908 napagent - ok 22:43:32.0039 2908 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:43:32.0055 2908 NativeWifiP - ok 22:43:32.0117 2908 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:43:32.0164 2908 NDIS - ok 22:43:32.0180 2908 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:43:32.0211 2908 NdisCap - ok 22:43:32.0227 2908 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:43:32.0258 2908 NdisTapi - ok 22:43:32.0320 2908 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:43:32.0367 2908 Ndisuio - ok 22:43:32.0414 2908 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:43:32.0461 2908 NdisWan - ok 22:43:32.0476 2908 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:43:32.0523 2908 NDProxy - ok 22:43:32.0601 2908 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 22:43:32.0617 2908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:43:32.0617 2908 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:43:32.0648 2908 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:43:32.0695 2908 NetBIOS - ok 22:43:32.0741 2908 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:43:32.0804 2908 NetBT - ok 22:43:32.0819 2908 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 22:43:32.0819 2908 Netlogon - ok 22:43:32.0866 2908 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 22:43:32.0897 2908 Netman - ok 22:43:32.0913 2908 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 22:43:32.0929 2908 
netprofm - ok 22:43:32.0944 2908 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:43:32.0960 2908 NetTcpPortSharing - ok 22:43:32.0975 2908 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:43:32.0991 2908 nfrd960 - ok 22:43:33.0069 2908 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 22:43:33.0100 2908 NlaSvc - ok 22:43:33.0178 2908 [ 4F0DE685A96DC843CCC8A861B3FAC12D ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys 22:43:33.0225 2908 nmwcdnsu - ok 22:43:33.0350 2908 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys 22:43:33.0381 2908 NPF - ok 22:43:33.0381 2908 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:43:33.0412 2908 Npfs - ok 22:43:33.0443 2908 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 22:43:33.0459 2908 nsi - ok 22:43:33.0490 2908 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:43:33.0537 2908 nsiproxy - ok 22:43:33.0646 2908 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:43:33.0693 2908 Ntfs - ok 22:43:33.0693 2908 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 22:43:33.0724 2908 Null - ok 22:43:33.0755 2908 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:43:33.0771 2908 nvraid - ok 22:43:33.0787 2908 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:43:33.0787 2908 nvstor - ok 22:43:33.0833 2908 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:43:33.0833 2908 nv_agp - ok 22:43:33.0849 2908 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:43:33.0865 2908 ohci1394 - ok 22:43:33.0943 2908 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program 
Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:43:33.0974 2908 ose - ok 22:43:34.0192 2908 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:43:34.0270 2908 osppsvc - ok 22:43:34.0317 2908 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:43:34.0348 2908 p2pimsvc - ok 22:43:34.0364 2908 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 22:43:34.0379 2908 p2psvc - ok 22:43:34.0411 2908 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:43:34.0442 2908 Parport - ok 22:43:34.0551 2908 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:43:34.0582 2908 partmgr - ok 22:43:34.0598 2908 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 22:43:34.0629 2908 Parvdm - ok 22:43:34.0645 2908 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:43:34.0660 2908 PcaSvc - ok 22:43:34.0707 2908 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 22:43:34.0738 2908 pci - ok 22:43:34.0754 2908 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 22:43:34.0769 2908 pciide - ok 22:43:34.0801 2908 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:43:34.0832 2908 pcmcia - ok 22:43:34.0863 2908 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 22:43:34.0894 2908 pcw - ok 22:43:34.0972 2908 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:43:35.0035 2908 PEAUTH - ok 22:43:35.0097 2908 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 22:43:35.0159 2908 PeerDistSvc - ok 22:43:35.0269 2908 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 22:43:35.0315 2908 pla - ok 22:43:35.0393 2908 [ 
EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:43:35.0440 2908 PlugPlay - ok 22:43:35.0518 2908 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 22:43:35.0565 2908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:43:35.0565 2908 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:43:35.0596 2908 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:43:35.0643 2908 PNRPAutoReg - ok 22:43:35.0659 2908 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:43:35.0674 2908 PNRPsvc - ok 22:43:35.0705 2908 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:43:35.0737 2908 PolicyAgent - ok 22:43:35.0752 2908 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 22:43:35.0768 2908 Power - ok 22:43:35.0799 2908 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:43:35.0861 2908 PptpMiniport - ok 22:43:35.0877 2908 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:43:35.0893 2908 Processor - ok 22:43:35.0955 2908 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 22:43:36.0002 2908 ProfSvc - ok 22:43:36.0017 2908 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:43:36.0017 2908 ProtectedStorage - ok 22:43:36.0080 2908 [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 22:43:36.0127 2908 psadd - ok 22:43:36.0158 2908 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:43:36.0205 2908 Psched - ok 22:43:36.0236 2908 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:43:36.0267 2908 ql2300 - ok 22:43:36.0283 2908 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:43:36.0298 2908 ql40xx - ok 22:43:36.0329 2908 
[ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 22:43:36.0345 2908 QWAVE - ok 22:43:36.0361 2908 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:43:36.0376 2908 QWAVEdrv - ok 22:43:36.0376 2908 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:43:36.0407 2908 RasAcd - ok 22:43:36.0470 2908 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:43:36.0532 2908 RasAgileVpn - ok 22:43:36.0548 2908 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 22:43:36.0579 2908 RasAuto - ok 22:43:36.0595 2908 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:43:36.0626 2908 Rasl2tp - ok 22:43:36.0688 2908 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 22:43:36.0751 2908 RasMan - ok 22:43:36.0766 2908 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:43:36.0813 2908 RasPppoe - ok 22:43:36.0829 2908 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:43:36.0844 2908 RasSstp - ok 22:43:36.0922 2908 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:43:37.0000 2908 rdbss - ok 22:43:37.0016 2908 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:43:37.0016 2908 rdpbus - ok 22:43:37.0047 2908 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:43:37.0078 2908 RDPCDD - ok 22:43:37.0094 2908 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:43:37.0125 2908 RDPDR - ok 22:43:37.0156 2908 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:43:37.0187 2908 RDPENCDD - ok 22:43:37.0187 2908 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:43:37.0219 2908 RDPREFMP - ok 
22:43:37.0297 2908 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 22:43:37.0343 2908 RdpVideoMiniport - ok 22:43:37.0499 2908 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:43:37.0577 2908 RDPWD - ok 22:43:37.0624 2908 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:43:37.0640 2908 rdyboost - ok 22:43:37.0671 2908 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 22:43:37.0718 2908 RemoteAccess - ok 22:43:37.0733 2908 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:43:37.0780 2908 RemoteRegistry - ok 22:43:37.0827 2908 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe 22:43:37.0858 2908 rpcapd - ok 22:43:37.0874 2908 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:43:37.0905 2908 RpcEptMapper - ok 22:43:37.0921 2908 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 22:43:37.0936 2908 RpcLocator - ok 22:43:37.0967 2908 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 22:43:37.0983 2908 RpcSs - ok 22:43:38.0014 2908 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:43:38.0030 2908 rspndr - ok 22:43:38.0139 2908 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 22:43:38.0170 2908 RTL8167 - ok 22:43:38.0279 2908 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 22:43:38.0311 2908 RTL8192su - ok 22:43:38.0373 2908 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:43:38.0404 2908 s3cap - ok 22:43:38.0420 2908 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 22:43:38.0435 2908 SamSs - ok 22:43:38.0451 2908 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port 
C:\Windows\system32\drivers\sbp2port.sys 22:43:38.0451 2908 sbp2port - ok 22:43:38.0467 2908 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:43:38.0498 2908 SCardSvr - ok 22:43:38.0513 2908 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:43:38.0560 2908 scfilter - ok 22:43:38.0607 2908 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 22:43:38.0669 2908 Schedule - ok 22:43:38.0716 2908 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:43:38.0732 2908 SCPolicySvc - ok 22:43:38.0794 2908 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:43:38.0841 2908 SDRSVC - ok 22:43:38.0888 2908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:43:38.0935 2908 secdrv - ok 22:43:38.0935 2908 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 22:43:38.0966 2908 seclogon - ok 22:43:38.0981 2908 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 22:43:39.0013 2908 SENS - ok 22:43:39.0044 2908 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:43:39.0075 2908 SensrSvc - ok 22:43:39.0091 2908 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:43:39.0122 2908 Serenum - ok 22:43:39.0137 2908 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:43:39.0153 2908 Serial - ok 22:43:39.0169 2908 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:43:39.0184 2908 sermouse - ok 22:43:39.0231 2908 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 22:43:39.0262 2908 SessionEnv - ok 22:43:39.0293 2908 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:43:39.0325 2908 sffdisk - ok 22:43:39.0340 2908 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc 
C:\Windows\system32\drivers\sffp_mmc.sys 22:43:39.0356 2908 sffp_mmc - ok 22:43:39.0371 2908 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:43:39.0387 2908 sffp_sd - ok 22:43:39.0403 2908 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:43:39.0418 2908 sfloppy - ok 22:43:39.0449 2908 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:43:39.0481 2908 SharedAccess - ok 22:43:39.0496 2908 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:43:39.0527 2908 ShellHWDetection - ok 22:43:39.0543 2908 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 22:43:39.0559 2908 sisagp - ok 22:43:39.0574 2908 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:43:39.0590 2908 SiSRaid2 - ok 22:43:39.0605 2908 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:43:39.0621 2908 SiSRaid4 - ok 22:43:39.0637 2908 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:43:39.0652 2908 Smb - ok 22:43:39.0730 2908 [ 85BADA660D57BC5AEF52B11CABD6D8F9 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 22:43:39.0746 2908 snapman - ok 22:43:39.0808 2908 [ D079068B720258EA3D0653ECAC2F9874 ] SNL320XP C:\Windows\system32\DRIVERS\9kdUSBXP.sys 22:43:39.0855 2908 SNL320XP - ok 22:43:39.0886 2908 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:43:39.0917 2908 SNMPTRAP - ok 22:43:39.0949 2908 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 22:43:39.0980 2908 spldr - ok 22:43:40.0042 2908 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 22:43:40.0105 2908 Spooler - ok 22:43:40.0229 2908 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 22:43:40.0292 2908 sppsvc - ok 22:43:40.0385 2908 [ 
B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:43:40.0448 2908 sppuinotify - ok 22:43:40.0526 2908 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:43:40.0588 2908 srv - ok 22:43:40.0619 2908 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:43:40.0651 2908 srv2 - ok 22:43:40.0666 2908 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:43:40.0697 2908 srvnet - ok 22:43:40.0713 2908 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:43:40.0760 2908 SSDPSRV - ok 22:43:40.0822 2908 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 22:43:40.0838 2908 ssmdrv - ok 22:43:40.0869 2908 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:43:40.0931 2908 SstpSvc - ok 22:43:40.0963 2908 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:43:40.0978 2908 stexstor - ok 22:43:41.0009 2908 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 22:43:41.0056 2908 StillCam - ok 22:43:41.0103 2908 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 22:43:41.0165 2908 StiSvc - ok 22:43:41.0197 2908 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:43:41.0197 2908 storflt - ok 22:43:41.0228 2908 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 22:43:41.0243 2908 StorSvc - ok 22:43:41.0259 2908 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:43:41.0275 2908 storvsc - ok 22:43:41.0337 2908 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 22:43:41.0368 2908 swenum - ok 22:43:41.0399 2908 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 22:43:41.0446 2908 swprv - ok 22:43:41.0602 2908 [ 
36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 22:43:41.0633 2908 SysMain - ok 22:43:41.0649 2908 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:43:41.0680 2908 TabletInputService - ok 22:43:41.0743 2908 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 22:43:41.0789 2908 TapiSrv - ok 22:43:41.0821 2908 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 22:43:41.0867 2908 TBS - ok 22:43:41.0961 2908 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:43:42.0008 2908 Tcpip - ok 22:43:42.0039 2908 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:43:42.0070 2908 TCPIP6 - ok 22:43:42.0117 2908 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:43:42.0164 2908 tcpipreg - ok 22:43:42.0211 2908 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:43:42.0257 2908 TDPIPE - ok 22:43:42.0476 2908 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys 22:43:42.0507 2908 tdrpman273 - ok 22:43:42.0554 2908 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:43:42.0632 2908 TDTCP - ok 22:43:42.0710 2908 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:43:42.0757 2908 tdx - ok 22:43:42.0959 2908 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe 22:43:43.0022 2908 TeamViewer8 - ok 22:43:43.0053 2908 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:43:43.0053 2908 TermDD - ok 22:43:43.0131 2908 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 22:43:43.0162 2908 TermService - ok 22:43:43.0193 2908 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 22:43:43.0225 2908 Themes - ok 
22:43:43.0240 2908 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 22:43:43.0271 2908 THREADORDER - ok 22:43:43.0365 2908 [ 3E06987FEDBCDFBFF8E85EF8108565F9 ] timounter C:\Windows\system32\DRIVERS\timntr.sys 22:43:43.0381 2908 timounter - ok 22:43:43.0412 2908 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 22:43:43.0443 2908 TrkWks - ok 22:43:43.0568 2908 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:43:43.0615 2908 TrustedInstaller - ok 22:43:43.0661 2908 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:43:43.0693 2908 tssecsrv - ok 22:43:43.0755 2908 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:43:43.0802 2908 TsUsbFlt - ok 22:43:43.0880 2908 [ 45711BAAC7737EE33985B693227FB3CA ] TTUSB2BDA C:\Windows\system32\DRIVERS\ttusb2bda.sys 22:43:43.0927 2908 TTUSB2BDA - ok 22:43:43.0973 2908 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:43:44.0005 2908 tunnel - ok 22:43:44.0051 2908 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:43:44.0083 2908 uagp35 - ok 22:43:44.0114 2908 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:43:44.0145 2908 udfs - ok 22:43:44.0176 2908 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:43:44.0207 2908 UI0Detect - ok 22:43:44.0270 2908 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:43:44.0285 2908 uliagpkx - ok 22:43:44.0317 2908 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:43:44.0332 2908 umbus - ok 22:43:44.0348 2908 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:43:44.0363 2908 UmPass - ok 22:43:44.0426 2908 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService 
\Device\Harddisk1\DR1\Partition1 - ok 22:43:50.0369 2908 [ C88940EA26DE454EE830E39178328B75 ] \Device\Harddisk1\DR1\Partition2 22:43:50.0369 2908 \Device\Harddisk1\DR1\Partition2 - ok 22:43:50.0369 2908 ============================================================ 22:43:50.0369 2908 Scan finished 22:43:50.0369 2908 ============================================================ 22:43:50.0416 4860 Detected object count: 8 22:43:50.0416 4860 Actual detected object count: 8 22:44:08.0996 4860 camvid20 ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:08.0996 4860 camvid20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:08.0996 4860 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:08.0996 4860 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:08.0996 4860 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:08.0996 4860 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:09.0011 4860 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:09.0011 4860 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:09.0011 4860 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:09.0011 4860 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:09.0011 4860 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:09.0011 4860 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:09.0011 4860 [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:09.0011 4860 [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:09.0011 4860 [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:09.0011 4860 [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:32.0642 4212 Deinitialize success |
28.04.2013, 22:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Missing characters when typing on the Internet (Firefox; Google Chrome) Then please run Combofix now: Scan with Combofix
__________________ --> Missing characters when typing on the Internet (Firefox; Google Chrome) |
29.04.2013, 06:38 | #7 |
| Missing characters when typing on the Internet (Firefox; Google Chrome) Hello cosinus. I ran the scan. Afterwards something strange happened. Instead of logging in as the standard user, I am suddenly only logged in as the administrator. Even when I try Switch User to the standard user, the administrator is logged in again. STRANGE! ADDENDUM: After I changed the password for the standard user, that login works again as well. (Previously both accounts had the same password) Code:
ATTFilter ComboFix 13-04-28.01 - remote 29.04.2013 7:21.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3327.2065 [GMT 2:00] ausgeführt von:: c:\users\Robert\Desktop\Trojanerboard\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\remote\AppData\Local\assembly\tmp c:\users\Robert\ALDI NORD Bestellsoftware Setup.exe c:\users\Robert\AmazonMP3Installer-de_DE.exe c:\users\Robert\AppData\Local\assembly\tmp c:\users\Robert\ccsetup400.exe c:\users\Robert\Documents\MFC668F.tmp c:\users\Robert\Documents\MFCE379.tmp c:\users\Robert\FlashPlayer_V.83947134b.exe c:\users\Robert\FoxitReader602.0413_enu_Setup.exe c:\users\Robert\gamesplayerinstall.exe c:\users\Robert\mbam-setup-1.70.0.1100.exe c:\users\Robert\MoveMediaPlayerWin_071802000001.exe c:\users\Robert\MozBackup-1.4.10-EN.exe c:\users\Robert\NPE_3110.exe c:\users\Robert\OOo_3.2.1_Win_x86_install_de.exe c:\users\Robert\Rossmann-Fotosoftware-Setup.exe c:\users\Robert\Setup-SopCast-3.4.0-2011-6-9.exe c:\users\Robert\SetupAnyDVD6634.exe c:\users\Robert\SetupDVDDecrypter_3.5.4.0.exe c:\users\Robert\smartesi2013winwebinstaller.exe c:\users\Robert\TeamViewer_Setup_de-ckc.exe c:\users\Robert\TeamViewer_Setup_de.exe c:\users\Robert\TeamViewerQS_de-ckc.exe c:\windows\system\Agcgauge.ax . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-28 bis 2013-04-29 )))))))))))))))))))))))))))))) . . 2013-04-29 05:29 . 2013-04-29 05:29 -------- d-----w- c:\users\Kinder\AppData\Local\temp 2013-04-29 05:29 . 2013-04-29 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-29 05:29 . 
2013-04-29 05:30 -------- d-----w- c:\users\remote\AppData\Local\temp 2013-04-29 05:29 . 2013-04-29 05:29 -------- d-----w- c:\users\Robert\AppData\Local\temp 2013-04-29 05:29 . 2013-04-29 05:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-04-26 16:28 . 2013-04-26 16:28 97 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-26 15:55 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-04-26 15:55 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-04-26 15:55 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-04-26 15:55 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-04-24 07:29 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-23 18:46 . 2013-04-23 18:46 -------- d-----w- c:\users\remote\AppData\Roaming\player 2013-04-23 18:46 . 2013-04-23 18:46 -------- d-----w- c:\program files\Tuguu SL 2013-04-18 05:19 . 2013-04-18 05:19 -------- d-----w- c:\programdata\PictureMover 2013-04-17 18:45 . 2013-04-19 04:44 -------- d-----w- c:\users\Robert\AppData\Roaming\TeamDrive3 2013-04-17 18:45 . 2013-04-17 18:45 -------- d-----w- c:\programdata\TeamDrive3 2013-04-15 06:31 . 2013-04-15 06:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-09 23:51 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-09 23:51 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-09 23:51 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-09 23:51 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-09 23:51 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-09 23:51 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-09 16:12 . 2013-04-09 16:14 -------- d-----w- c:\program files\Rossmann Fotowelt Software 2013-04-08 12:13 . 
2013-04-08 12:13 -------- d-----w- c:\users\Kinder\AppData\Roaming\MC-TVConverter 2013-04-08 12:13 . 2013-04-08 12:13 -------- d-----w- c:\users\Kinder\AppData\Roaming\PictureMover 2013-04-05 17:39 . 2013-04-05 17:43 -------- d-----w- c:\program files\ALDI NORD Bestellsoftware 2013-04-05 15:54 . 2013-04-05 15:54 -------- d-----w- c:\program files\Marktkauf 2013-04-05 15:35 . 2013-04-05 15:35 -------- d-----w- c:\program files\Pixum 2013-04-05 10:06 . 2013-04-05 10:06 -------- d-----w- c:\users\Robert\AppData\Roaming\SMART Technologies Inc 2013-04-05 10:06 . 2013-04-05 10:06 -------- d-----w- c:\users\Robert\AppData\Local\SMART Technologies Inc 2013-04-05 10:06 . 2013-04-05 10:06 -------- d-----w- c:\users\Robert\AppData\Roaming\SMART Technologies 2013-04-05 10:05 . 2013-04-05 10:05 -------- d-----w- c:\users\Robert\AppData\Local\SMART Technologies 2013-04-05 09:45 . 2013-04-05 09:48 -------- d-----w- c:\programdata\LAT 2.0 Deutsch 2013-04-05 09:44 . 2013-04-05 09:44 -------- d-----w- c:\programdata\FLEXnet 2013-04-05 09:35 . 2013-04-05 09:35 -------- d-----w- c:\users\remote\AppData\Roaming\SMART Technologies Inc 2013-04-05 09:35 . 2013-04-05 09:35 -------- d-----w- c:\users\remote\AppData\Local\SMART Technologies Inc 2013-04-05 09:34 . 2010-07-12 14:40 33680 ----a-w- c:\windows\system32\smrtlocalmon.dll 2013-04-05 09:34 . 2010-07-12 14:40 23848 ----a-w- c:\windows\system32\smrtlocalui.dll 2013-04-05 09:34 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2013-04-05 09:33 . 2013-04-05 09:33 -------- d-----w- c:\program files\SMART Technologies 2013-04-05 09:33 . 2013-04-05 09:33 -------- d-----w- c:\program files\National Instruments 2013-04-05 09:32 . 2013-04-05 09:35 -------- d-----w- c:\programdata\SMART Technologies 2013-04-05 09:31 . 2013-04-05 09:35 -------- d-----w- c:\program files\Common Files\SMART Technologies 2013-04-05 09:30 . 2013-04-05 09:45 -------- d-----w- c:\programdata\Downloaded Installations 2013-04-05 09:28 . 
2013-04-05 09:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2013-03-31 21:23 . 2013-03-31 21:23 -------- d-----w- c:\users\Robert\restore 2013-03-31 18:11 . 2013-03-31 18:11 -------- d-----w- c:\users\remote\restore 2013-03-31 18:06 . 2013-04-06 16:46 -------- d-----w- c:\programdata\tmp 2013-03-31 18:06 . 2013-04-05 15:38 -------- d-----w- c:\programdata\hps 2013-03-31 18:02 . 2013-04-05 15:56 -------- d-----w- c:\program files\CEWE COLOR 2013-03-31 16:22 . 2013-03-31 16:22 -------- d-----w- c:\users\Robert\AppData\Roaming\PictureMover 2013-03-31 15:52 . 2013-03-31 15:53 -------- d-----w- c:\users\remote\AppData\Roaming\PictureMover . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-23 18:51 . 2012-04-10 13:25 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-23 18:51 . 2011-05-17 09:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-15 14:17 . 2012-10-10 07:21 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-04-15 14:17 . 2012-10-10 07:21 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-04-15 14:17 . 2012-10-10 07:21 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-04-15 06:31 . 2012-07-10 07:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-15 06:31 . 2010-11-28 21:02 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-12 04:48 . 2013-03-13 10:08 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 10:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32 . 2013-03-20 20:04 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2012-11-29 08:26 . 2011-04-12 16:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-01-28 5145824] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-01-28 358944] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-15 345312] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\mbar.exe" [2013-04-28 1398856] " Malwarebytes Anti-Malware (cleanup)"="c:\users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll" [2013-04-28 1093192] . c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\remote\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A] dropbox2.bat [2011-11-20 86] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A] OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104] . c:\users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\remote\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] [verify-U]-Software.lnk - c:\program files\[verify-U] AVS\[verify-U]-Software.exe [2008-1-14 475136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] 2007-08-02 20:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe . R3 camvid20;Philips ToUcam Camera; Video [2011-03-08 253909] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] R3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\DRIVERS\9kdUSBXP.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\DRIVERS\ttusb2bda.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0-Lizenzierungsdienst;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [x] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program 
files\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 87501992 *NewlyCreated* - ASWMBR *Deregistered* - 87501992 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc GPSvcGroup REG_MULTI_SZ GPSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:51] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\ FF - prefs.js: browser.startup.homepage - FF - ExtSQL: 2013-04-23 20:45; ffxtlbr@delta.com; c:\users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\extensions\ffxtlbr@delta.com FF - ExtSQL: !HIDDEN! 2013-01-02 12:26; firejump@firejump.net; c:\users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\extensions\firejump@firejump.net . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM-RunOnce-*ForceDelete - c:\users\Robert\Desktop\adwcleaner.exe AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe . . "ImagePath"="\"c:\program files\ [verify-U] AVS\[verify-U]-Service.exe\"" . "ImagePath"="system32\drivers\ [verify-U]-driver.sys" . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\[verify-U]] "ImagePath"="\"c:\program files\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\[verify-U]_System] "ImagePath"="system32\drivers\ . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:d1,e9,f0,3b,b7,a6,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,27,71,29,76,57,a9,4f,ba,88,76,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,27,71,29,76,57,a9,4f,ba,88,76,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-29 07:31:24 ComboFix-quarantined-files.txt 2013-04-29 05:31 . Vor Suchlauf: 2.718.318.592 Bytes frei Nach Suchlauf: 4.695.195.648 Bytes frei . - - End Of File - - B05FE469073294C1BEA138CCE3E5585A Geändert von robertjana (29.04.2013 um 06:47 Uhr) |
29.04.2013, 10:07 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Missing characters when typing on the Internet (Firefox; Google Chrome) JRT - Junkware Removal Tool Please disable your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
29.04.2013, 18:52 | #9 |
| Missing characters when typing on the Internet (Firefox; Google Chrome) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.2 (04.29.2013:1) OS: Windows 7 Professional x86 Ran by remote on 29.04.2013 at 19:16:50,73 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\remote\desktop\optimizer pro.lnk" ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\invalidprefs.js ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.04.2013 at 19:17:54,12 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.300 - Datei am 29/04/2013 um 19:24:52 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : remote - MULTIMEDIAPC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Robert\Desktop\Trojanerboard\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\f09wu6ak.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Kinder\AppData\Roaming\Mozilla\Firefox\Profiles\rjr5xnou.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [8708 octets] - [26/04/2013 18:14:09] AdwCleaner[R2].txt - [8768 octets] - [26/04/2013 18:14:35] AdwCleaner[R3].txt - [8939 octets] - [26/04/2013 18:27:28] AdwCleaner[R4].txt - [1701 octets] - [29/04/2013 19:24:35] AdwCleaner[S1].txt - [8763 octets] - [26/04/2013 18:28:05] AdwCleaner[S2].txt - [1396 octets] - [26/04/2013 20:35:43] AdwCleaner[S3].txt - [1636 octets] - [29/04/2013 19:24:52] ########## EOF - \AdwCleaner[S3].txt - [1696 octets] ########## Code:
ATTFilter The installer has encountered an error installing the package. this may be indicate a problem with the package. the error code is 2761 Code:
ATTFilter OTL logfile created on: 29.04.2013 19:32:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop\Trojanerboard Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,51% Memory free 5,87 Gb Paging File | 4,68 Gb Available in Paging File | 79,66% Paging File free Paging file location(s): d:\pagefile.sys 2686 2686 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,02 Gb Total Space | 4,32 Gb Free Space | 5,53% Space Free | Partition Type: NTFS Drive D: | 341,80 Gb Total Space | 10,04 Gb Free Space | 2,94% Space Free | Partition Type: NTFS Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Drive H: | 134,76 Gb Total Space | 3,52 Gb Free Space | 2,61% Space Free | Partition Type: NTFS Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Robert\Desktop\Trojanerboard\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Kinder\AppData\Roaming\Dropbox\bin\dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Programme\The Maxifier\The Maxifier.exe () PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG) PRC - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe () PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software)) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\program\libxml2.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () MOD - C:\Programme\Acronis\TrueImageHome\Common\resource.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\thread_pool.dll () MOD - C:\Programme\The Maxifier\The Maxifier.exe () MOD - C:\Programme\[verify-U] AVS\[verify-U]_Software.dll () MOD - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (FlexNet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (Flexera Software LLC) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.) 
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG) SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software)) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\remote\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) 
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (camvid20) -- C:\Windows\System32\drivers\camdrv21.sys (Philips Components BU Imaging Solutions) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend Goerler GmbH) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.) 
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (SNL320XP) -- C:\Windows\System32\drivers\9kdUSBXP.sys (Sonix Technology Co., Ltd.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 37 37 7D 97 CA 01 [binary data] IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{A9EE43D8-5797-4B37-BB80-7C27E41CFAE6}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{FD0AB065-284F-4E0F-99F3-6917141DC82D}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 AB 7C F4 F9 85 CC 01 [binary data] IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{910671B7-1BFD-4224-907C-666D9CA64B5F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.12 22:46:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 08:40:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.13 15:29:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.12.20 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions [2011.08.19 14:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.04.26 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Firefox\Profiles\d9z8nnd6.default\extensions [2013.03.31 20:22:48 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\extensions\extension@preispilot.com.xpi [2012.12.12 22:46:44 | 000,000,000 | 
---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.29 10:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.29 07:30:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\AvACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.04.2013 19:32:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop\Trojanerboard Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,51% Memory free 5,87 Gb Paging File | 4,68 Gb Available in Paging File | 79,66% Paging File free Paging file location(s): d:\pagefile.sys 2686 2686 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,02 Gb Total Space | 4,32 Gb Free Space | 5,53% Space Free | Partition Type: NTFS Drive D: | 341,80 Gb Total Space | 10,04 Gb Free Space | 2,94% Space Free | Partition Type: NTFS Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Drive H: | 134,76 Gb Total Space | 3,52 Gb Free Space | 2,61% Space Free | Partition Type: NTFS Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [Marktkauf Fotowelt] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\Marktkauf Fotowelt.exe" "%1" () Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BBE1AF-ACDD-4616-BBB2-8010B0351578}" = lport=138 | protocol=17 | dir=in | app=system | "{0124E97A-D2C4-48CB-B1AD-165995C56F01}" = rport=138 | protocol=17 | dir=out | app=system | "{05077F09-B9BA-4F3D-9214-BEBCD185B7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A3F24E7-FC11-49C1-A29E-27F26FFE46A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{125686FB-BF21-42F2-B1C7-49762D127508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2257A98A-A1CC-444C-AD9A-EA040571FA11}" = lport=139 | protocol=6 | dir=in | app=system | "{2A856FAF-E52B-44AD-BB70-C9370508D4B4}" = rport=139 | protocol=6 | dir=out | app=system | "{39C3FEE9-D9E6-48C0-9FD5-A0ADA9991D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3E239203-EDC0-4015-8781-8AA9A9A52BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45E42BB3-4DA3-4C7B-854B-884033F51A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7BD6C829-AD7E-4E62-B0A0-EC592B0BFC00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C1A877B-8980-466E-8F31-F7266F51DDF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7EB81184-8425-4B41-89D4-12EB843C7BCB}" = lport=10243 | protocol=6 | dir=in | app=system | "{89EAA9EB-9453-4B33-911C-8E3CDFC9ED7B}" = rport=10243 | protocol=6 | dir=out | app=system | "{909F7F5F-6C59-4A92-A0DC-F30914CB27BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A40AACF2-0235-4981-9BAD-2B66C04908B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B93E2931-4AC7-4B50-9590-EACAC268828E}" = rport=445 | protocol=6 | dir=out | app=system | "{C42E2A5F-E80E-434B-A1B5-A69B698F143B}" = lport=445 | protocol=6 | dir=in | app=system | "{CB43E44B-87E1-42C6-ABFB-CC018233204C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D6A68863-E00A-4165-80F4-7B1C4F117B2F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{DE06AFA5-13D1-4BAA-9DA1-B3F3DD0C96F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DF4B3812-36A0-46BC-8BAF-0ADD29D9859F}" = rport=137 | protocol=17 | dir=out | app=system | "{E1E1A16B-2CD5-4F8E-BB70-F87B53C6B6EB}" = lport=137 | protocol=17 | dir=in | app=system | "{E52BBA03-1C6C-4998-BFC5-D26890EF5FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F581072D-3575-421A-B98F-9EDB4320DC3B}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020FBDF3-73DB-4505-9B73-FE4D572B974A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{0333CED5-75BB-4F2C-9E4D-3D8BD3F03AC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{07C21D8E-1E8F-4E61-9D84-6118F4DA3306}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{0D3CB104-72D9-412B-BF6B-435476994824}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0F516105-7F87-4B5F-97E2-AD77B9FB508C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{153D9755-92AA-4EC2-B173-B775408C65A7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{1831E975-36A8-4A31-86DE-B264C43A540C}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C7ADED3-6429-429B-8F2D-AD9684435227}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{1DF4528E-66E9-420D-8C37-628184ECC548}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A9A97D7-FA47-4982-979A-9E232AB694AE}" = protocol=6 | dir=out | app=system | "{2B6B670E-CD72-461C-8BAE-26E189673AC1}" = protocol=6 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | "{3416A108-2BAC-48D3-98D2-58B8CDC34070}" = protocol=17 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | "{3B239162-EA6C-46C7-8A53-EA1FCA3769BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{3B8F10C3-323A-477A-937A-D060127EF74B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | "{3EAF2832-8E46-412E-AC74-02AF7CB814FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A36639B-4DEC-41F5-84C1-4F94C412CDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{55A784B6-749D-4AE5-97BF-C58508EAB8C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{56F65D17-6559-46CA-B8C5-1839A3A2E2C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5F66C389-73C2-4598-955F-E49388386493}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{5FB4953E-054C-4549-9F32-663F836D2482}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61A21EA7-5F9F-4CAB-9F9A-C28DBC4716E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{62AC7A0B-998A-432F-B9B5-ABDAEA22FA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{637BBB6C-84A5-4724-9053-34239D149B58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{685C06E5-4DBE-40EC-A663-0BC0AEC8E25A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69C2ABAA-7300-4066-829C-09378A5737FE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{6AF6A577-3011-45CC-91D8-7384C3CABD43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{6C890355-84C3-476B-889E-BDDF88E24F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6EFEEC8E-105B-4958-A3B9-0441C203FC42}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | "{7ED056C3-C02B-48A8-853C-81A764684BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7F36C833-D27E-441F-8A92-857986974E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8171B296-1FAB-41A8-97FE-BC92D90628DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{8455F6A8-7076-4D71-B2A8-CEC6E2E6064E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{9115CB1A-AB8B-4517-89D7-09C37656AABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{95A093A6-B6B6-4C79-B0B9-3F11FABE54E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{99ACFB7C-6F9A-43AB-BD5F-C73ACC1DDF0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{AEA89825-52BB-4E5E-BE99-FDD75B318DBB}" = dir=in | app=f:\setup\hpznui01.exe | "{B07A451D-D034-4464-A8A6-D1C234FFA275}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{B9B7FEE4-ABF2-4C16-A6BF-1CFC37A5173B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BA9A4CF1-75F8-4288-940D-1BB3A64860D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{BB1215A4-CB29-4441-8712-8801F3E8EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{BCA8209B-DB05-4208-A34C-D2285DFCDD66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{C7EA62C3-EE32-4C9B-BEAF-251DE187D931}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office14\onenote.exe |
"{CB2E0654-7383-4274-A70C-6473D19BC333}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3A401E8-1976-479F-9FF2-33DB9E76D9BD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E1331139-65EC-41E9-941F-D42D8857654B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E5CB4622-ACB0-42ED-8C9E-035A6E3F54B7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{E742B2A0-4B7F-4695-B857-A5C70F3793A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E9B3D9A5-0DB1-49BA-9F4E-A56AB836DAAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{ED169D4C-50CC-47C0-9E04-FE151683C2B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F76A9E9D-B4DD-44D4-8D0A-97C8F7A29861}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F9CC7FD7-9072-4893-9AF7-CA15762A738B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{0E59DA79-5EB8-411C-895D-A002591A2437}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe |
"TCP Query User{2161F6F6-422E-479F-B0EA-A88E05A545EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5BA19066-3B07-4198-94A9-8306F0F6AACC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{6D5836D8-2323-4DEE-8699-85B2BA001014}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{8AD252CD-CD77-49F5-9534-9C7F50AB051C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{ADC5C1D4-82C7-40B7-B50D-B693FFAB2AB9}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"TCP Query User{B0F017FF-34EB-4C55-A0B6-004C22B59422}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BACEC8D8-9322-45DF-B996-C4D562BEE386}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C3B8F8C0-787F-474A-888E-494891364716}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{E1159490-5698-45FF-8CAE-FB2A8A617221}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E3605124-FCE1-4D73-B235-BAA5E2FA3D51}C:\program files\asus\asusupdate\update.exe" = protocol=6 | dir=in | app=c:\program files\asus\asusupdate\update.exe |
"TCP Query User{F4CAFF87-44AB-473D-A517-4A7C89CEA6C2}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{082D07D6-FFBE-4ACC-A7D3-BAD805B02693}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{136C4661-14A3-4BC6-A81C-84885D357A43}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{169D9788-32B5-4D2D-8E6F-9B164401121F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{25A111B9-E463-43D3-B5E7-FA8D9D152532}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{3AE40E8A-B8B9-4C45-90A9-CDE10353018F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5BEF3624-B557-41B6-B878-7B4E8CAD0F16}C:\program files\asus\asusupdate\update.exe" = protocol=17 | dir=in | app=c:\program files\asus\asusupdate\update.exe |
"UDP Query User{6884F62F-6546-4650-9147-460F5D74CE73}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{694F6673-CEBF-43EB-A731-D39CAC9EA1F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{88772BF3-3EB1-4EEF-B4F6-DBC7F9EB2F8D}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{AB845567-2A81-410E-864C-271ACC99E8FC}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{AD528A09-4865-4B68-9A95-E08CBC280975}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{DAB85B9A-E861-4310-BB35-2FFA8EE81BD1}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini "{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware "{13DFC4CE-9089-4907-E042-71DCD6727DBA}" = ccc-utility "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1EE8648A-1141-BF6F-B002-1F279859606B}" = CCC Help Portuguese "{1EFE2B13-7C03-E454-00F5-5FF8CFC86343}" = CCC Help Hungarian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20AB485D-50A0-4F1E-8F43-45B3D2CDCEB7}" = Prisma Arbeitsblätter Biologie 1 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista "{26442B73-03B2-44E5-ACBC-8C6625B89481}" = CCC Help French "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2846E2D9-5991-4332-A05D-20B06D15DFD5}" = The Maxifier "{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1" = Calme Version 2012 "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety 
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30E0C424-E68A-FB77-6E45-42EC039264F4}" = CCC Help Greek "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D7235B2-3305-4FE1-A9A1-5F8AC2F33122}" = SMART Common Files "{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1" = 2.0.0 "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy "{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{675D173B-F754-9B62-A847-A78117B3FCEA}" = CCC Help Italian "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update 
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACEira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun File not found O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [The Maxifier] C:\Program Files\The Maxifier\The Maxifier.exe () O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1002..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\RunOnce: [Report] 
\AdwCleaner[S3].txt File not found
O4 - Startup: C:\Users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropbox2.bat ()
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1349814738270 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE8D744-F9C0-4196-9406-7FA6A6CA07F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.29 19:16:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.29 19:16:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.29 07:31:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.29 07:31:26 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\temp
[2013.04.29 07:16:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 07:16:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 07:16:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 07:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 07:16:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 17:58:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.26 17:58:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.26 17:58:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.26 17:58:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.26 17:58:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.26 17:58:45 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.26 17:58:45 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.26 17:58:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.26 17:58:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.26 17:58:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.26 17:58:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.26 17:58:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.26 17:58:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.26 17:58:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.26 17:58:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.23 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\player
[2013.04.23 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.04.20 08:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 07:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2013.04.17 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TeamDrive3
[2013.04.17 07:23:59 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.15 08:31:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.10 03:04:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 03:04:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 03:04:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 03:04:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 03:04:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 03:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 03:04:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 03:04:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 01:51:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 01:51:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 01:51:33 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 01:51:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.09 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2013.04.09 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2013.04.05 19:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI NORD Bestellsoftware
[2013.04.05 17:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marktkauf Fotowelt
[2013.04.05 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Marktkauf
[2013.04.05 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch
[2013.04.05 17:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pixum
[2013.04.05 11:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LAT 2.0 Deutsch
[2013.04.05 11:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\SMART Technologies Inc
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\SMART Technologies Inc
[2013.04.05 11:34:53 | 000,033,680 | ---- | C] (SMART Technologies ULC) -- C:\Windows\System32\smrtlocalmon.dll
[2013.04.05 11:34:53 | 000,023,848 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\System32\smrtlocalui.dll
[2013.04.05 11:34:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2013.04.05 11:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2013.04.05 11:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2013.04.05 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2013.04.05 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.05 11:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013.03.31 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\remote\restore
[2013.03.31 20:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.03.31 20:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\CEWE COLOR
[2013.03.31 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\PictureMover

========== Files - Modified Within 30 Days ==========

[2013.04.29 19:33:49 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 19:33:49 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 19:26:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.29 19:26:05 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.29 19:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.29 07:30:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.28 10:41:30 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.28 10:41:30 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.28 10:41:30 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.28 10:41:30 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.27 10:47:47 | 000,000,000 | ---- | M] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:31 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:51:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.23 20:51:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.23 20:46:31 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 09:04:38 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:49 | 000,001,642 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:55 | 000,111,818 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.17 08:29:23 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.17 07:23:59 | 000,001,228 | ---- | M] () -- C:\Users\remote\Desktop\Revo Uninstaller.lnk
[2013.04.15 16:17:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.15 16:17:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.15 16:17:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.15 08:31:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.15 08:31:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.04.15 08:31:02 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.04.15 08:31:02 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.10 03:23:19 | 000,543,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 18:14:31 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk

========== Files Created - No Company Name ==========

[2013.04.29 07:16:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.29 07:16:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.29 07:16:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.29 07:16:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.29 07:16:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.27 10:47:47 | 000,000,000 | ---- | C] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:46:31 | 000,002,587 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 08:41:43 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:48 | 000,001,642 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083846.reg [2013.04.17 08:37:52 | 000,111,818 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083751.reg [2013.04.09 18:14:31 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk [2013.04.05 11:34:25 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk [2013.01.02 13:26:06 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.11.11 18:01:57 | 000,293,712 | ---- | C] () -- C:\Windows\System32\Tbsql03.dll [2012.11.11 18:01:57 | 000,246,368 | ---- | C] () -- C:\Windows\System32\Tbqry03.dll [2012.11.11 18:01:57 | 000,145,696 | ---- | C] () -- C:\Windows\System32\Tblib.dll [2012.11.11 18:01:57 | 000,090,688 | ---- | C] () -- C:\Windows\System32\Tbutl03.dll [2012.11.11 18:01:57 | 000,014,512 | ---- | C] () -- C:\Windows\System32\Tbgui03.dll [2012.11.11 18:01:57 | 000,005,488 | ---- | C] () -- C:\Windows\System32\Tbmds03.dll [2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2012.01.03 23:59:17 | 000,023,700 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2011.11.13 18:40:29 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp [2011.07.02 01:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.26 21:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.03.14 19:30:56 | 000,000,680 | RHS- | C] 
() -- C:\Users\remote\ntuser.pol [2010.04.13 19:38:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = 
Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A01AC54A-5BB8-FE08-1854-5427457FCBCB}" = CCC Help Spanish "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A810B5F5-8ACA-4670-B6B3-F98B07DFF6C4}" = SMART Notebook "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst 
Control Center HydraVision Full "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD646716-2554-666F-6F72-A5D5B96CF046}" = CCC Help German "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B28F4C9C-8348-4B52-BB95-F8FAC95A8325}" = PCTV Package - Windows Media Center "{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A}" = CCC Help Polish "{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C748519A-9E3F-6FA2-5A7A-3CABECEC2CE1}" = ATI Catalyst Install Manager "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6 "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext "{DD64C3B5-BE43-4496-9D26-5C4B2E0E104C}" = Langmeier Software Dreieck-1x1 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU 
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer "{ECE9F52E-4A25-4265-8459-85DF6A6FEB52}" = SMART German Language Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F41D5B74-E0AC-4D36-9BC4-86A02994AA83}" = 10*000 Aufgaben Mathematik "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FBC386FF-3249-4C37-B87F-51A23E46AEFD}" = TSDoctor "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15 "Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4 "Avira AntiVir Desktop" = Avira Antivirus Premium "Blitzrechnen" = Blitzrechnen "CCleaner" = CCleaner "Defraggler" = Defraggler "Dropbox Shell Tools" = Dropbox Shell Tools 0.2 "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVD Shrink_is1" = DVD Shrink 3.2 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla 
Client 3.6.0.2 "FLV Player" = FLV Player 2.0 (build 25) "FormatFactory" = FormatFactory 2.70 "Foxit Reader_is1" = Foxit Reader "Free FLV Converter_is1" = Free FLV Converter V 7.3.0 "HaaliMkx" = Haali Media Splitter "Hdd Speed Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1) "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "ifolor-Designer" = ifolor Designer "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Marktkauf Fotowelt" = Marktkauf Fotowelt "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Oregon Scientific SmartGlobe(TM) Deluxe_is1" = SmartGlobe(TM) Deluxe V3.13 "Pixum Fotobuch" = Pixum Fotobuch "Poker im Wilden Westen" = Poker im Wilden Westen "Ressource 3000" = Ressource 3000 "Revo Uninstaller" = Revo Uninstaller 1.94 "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1 "S2TNG" = Die Siedler II - Die nächste Generation "Shop for HP Supplies" = Shop for HP 
Supplies "SmartToolsKalender-Assistentv6.00" = SmartTools Publishing • Word Kalender-Assistent "TeamViewer 8" = TeamViewer 8 "The Maxifier" = The Maxifier "VLC media player" = VLC media player 2.0.4 "WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "fbaaf7d101824206" = RoboGUI "Move Media Player" = Move Media Player "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Opera 12.02.1578" = Opera 12.02 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.04.2013 13:20:13 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b86d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003d679 ID des fehlerhaften Prozesses: 0xc50 Startzeit der fehlerhaften Anwendung: 0x01ce44fd948e23c5 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\EXPLORERFRAME.dll Berichtskennung: 0cccba3e-b0f1-11e2-b6ac-90e6ba8c80d1 Error - 29.04.2013 13:27:47 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 1041 Description = Error - 29.04.2013 13:30:16 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 10005 Description = [ System Events ] Error - 29.04.2013 13:19:42 | Computer Name = MultimediaPC | Source = DCOM | ID = 10010 Description = < End of report > |
30.04.2013, 10:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Missing characters when typing on the Internet (Firefox; Google Chrome) The OTL log (otl.txt) is unfortunately incomplete
__________________ Please always post log files in CODE tags |
30.04.2013, 12:32 | #11 |
| Missing characters when typing on the Internet (Firefox; Google Chrome) I don't understand that - the logs begin with OTL logfile and OTL Extras logfile respectively, and both end with End of Report. I ran OTL once more in case I overlooked something in the settings. Here are the logs: Code:
OTL Extras logfile created on: 30.04.2013 13:23:01 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop\Trojanerboard Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,20% Memory free 5,87 Gb Paging File | 4,55 Gb Available in Paging File | 77,54% Paging File free Paging file location(s): d:\pagefile.sys 2686 2686 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,02 Gb Total Space | 2,75 Gb Free Space | 3,53% Space Free | Partition Type: NTFS Drive D: | 341,80 Gb Total Space | 9,07 Gb Free Space | 2,65% Space Free | Partition Type: NTFS Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Drive H: | 134,76 Gb Total Space | 3,50 Gb Free Space | 2,60% Space Free | Partition Type: NTFS Drive I: | 3,59 Gb Total Space | 3,59 Gb Free Space | 99,83% Space Free | Partition Type: FAT32 Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [Marktkauf Fotowelt] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\Marktkauf Fotowelt.exe" "%1" () Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BBE1AF-ACDD-4616-BBB2-8010B0351578}" = lport=138 | protocol=17 | dir=in | app=system | "{0124E97A-D2C4-48CB-B1AD-165995C56F01}" = rport=138 | protocol=17 | dir=out | app=system | "{05077F09-B9BA-4F3D-9214-BEBCD185B7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A3F24E7-FC11-49C1-A29E-27F26FFE46A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{125686FB-BF21-42F2-B1C7-49762D127508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2257A98A-A1CC-444C-AD9A-EA040571FA11}" = lport=139 | protocol=6 | dir=in | app=system | "{2A856FAF-E52B-44AD-BB70-C9370508D4B4}" = rport=139 | protocol=6 | dir=out | app=system | "{39C3FEE9-D9E6-48C0-9FD5-A0ADA9991D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3E239203-EDC0-4015-8781-8AA9A9A52BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45E42BB3-4DA3-4C7B-854B-884033F51A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7BD6C829-AD7E-4E62-B0A0-EC592B0BFC00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C1A877B-8980-466E-8F31-F7266F51DDF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7EB81184-8425-4B41-89D4-12EB843C7BCB}" = lport=10243 | protocol=6 | dir=in | app=system | "{89EAA9EB-9453-4B33-911C-8E3CDFC9ED7B}" = rport=10243 | protocol=6 | dir=out | app=system | "{909F7F5F-6C59-4A92-A0DC-F30914CB27BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A40AACF2-0235-4981-9BAD-2B66C04908B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B93E2931-4AC7-4B50-9590-EACAC268828E}" = rport=445 | protocol=6 | dir=out | app=system | "{C42E2A5F-E80E-434B-A1B5-A69B698F143B}" = lport=445 | protocol=6 | dir=in | app=system | "{CB43E44B-87E1-42C6-ABFB-CC018233204C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D6A68863-E00A-4165-80F4-7B1C4F117B2F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{DE06AFA5-13D1-4BAA-9DA1-B3F3DD0C96F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DF4B3812-36A0-46BC-8BAF-0ADD29D9859F}" = rport=137 | protocol=17 | dir=out | app=system | "{E1E1A16B-2CD5-4F8E-BB70-F87B53C6B6EB}" = lport=137 | protocol=17 | dir=in | app=system | "{E52BBA03-1C6C-4998-BFC5-D26890EF5FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F581072D-3575-421A-B98F-9EDB4320DC3B}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020FBDF3-73DB-4505-9B73-FE4D572B974A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{0333CED5-75BB-4F2C-9E4D-3D8BD3F03AC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{07C21D8E-1E8F-4E61-9D84-6118F4DA3306}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{0D3CB104-72D9-412B-BF6B-435476994824}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0F516105-7F87-4B5F-97E2-AD77B9FB508C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{153D9755-92AA-4EC2-B173-B775408C65A7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{1831E975-36A8-4A31-86DE-B264C43A540C}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C7ADED3-6429-429B-8F2D-AD9684435227}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{1DF4528E-66E9-420D-8C37-628184ECC548}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A9A97D7-FA47-4982-979A-9E232AB694AE}" = protocol=6 | dir=out | app=system | "{2B6B670E-CD72-461C-8BAE-26E189673AC1}" = protocol=6 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | "{3416A108-2BAC-48D3-98D2-58B8CDC34070}" = protocol=17 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | "{3B239162-EA6C-46C7-8A53-EA1FCA3769BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{3B8F10C3-323A-477A-937A-D060127EF74B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | "{3EAF2832-8E46-412E-AC74-02AF7CB814FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A36639B-4DEC-41F5-84C1-4F94C412CDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{55A784B6-749D-4AE5-97BF-C58508EAB8C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{56F65D17-6559-46CA-B8C5-1839A3A2E2C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5F66C389-73C2-4598-955F-E49388386493}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{5FB4953E-054C-4549-9F32-663F836D2482}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61A21EA7-5F9F-4CAB-9F9A-C28DBC4716E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{62AC7A0B-998A-432F-B9B5-ABDAEA22FA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{637BBB6C-84A5-4724-9053-34239D149B58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{685C06E5-4DBE-40EC-A663-0BC0AEC8E25A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69C2ABAA-7300-4066-829C-09378A5737FE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{6AF6A577-3011-45CC-91D8-7384C3CABD43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{6C890355-84C3-476B-889E-BDDF88E24F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6EFEEC8E-105B-4958-A3B9-0441C203FC42}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | "{7ED056C3-C02B-48A8-853C-81A764684BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7F36C833-D27E-441F-8A92-857986974E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8171B296-1FAB-41A8-97FE-BC92D90628DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{8455F6A8-7076-4D71-B2A8-CEC6E2E6064E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{9115CB1A-AB8B-4517-89D7-09C37656AABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{95A093A6-B6B6-4C79-B0B9-3F11FABE54E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{99ACFB7C-6F9A-43AB-BD5F-C73ACC1DDF0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{AEA89825-52BB-4E5E-BE99-FDD75B318DBB}" = dir=in | app=f:\setup\hpznui01.exe | "{B07A451D-D034-4464-A8A6-D1C234FFA275}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{B9B7FEE4-ABF2-4C16-A6BF-1CFC37A5173B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BA9A4CF1-75F8-4288-940D-1BB3A64860D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{BB1215A4-CB29-4441-8712-8801F3E8EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{BCA8209B-DB05-4208-A34C-D2285DFCDD66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{C7EA62C3-EE32-4C9B-BEAF-251DE187D931}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office14\onenote.exe | "{CB2E0654-7383-4274-A70C-6473D19BC333}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D3A401E8-1976-479F-9FF2-33DB9E76D9BD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{E1331139-65EC-41E9-941F-D42D8857654B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E5CB4622-ACB0-42ED-8C9E-035A6E3F54B7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{E742B2A0-4B7F-4695-B857-A5C70F3793A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{E9B3D9A5-0DB1-49BA-9F4E-A56AB836DAAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{ED169D4C-50CC-47C0-9E04-FE151683C2B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{F76A9E9D-B4DD-44D4-8D0A-97C8F7A29861}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{F9CC7FD7-9072-4893-9AF7-CA15762A738B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{0E59DA79-5EB8-411C-895D-A002591A2437}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | "TCP Query User{2161F6F6-422E-479F-B0EA-A88E05A545EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{5BA19066-3B07-4198-94A9-8306F0F6AACC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{6D5836D8-2323-4DEE-8699-85B2BA001014}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{8AD252CD-CD77-49F5-9534-9C7F50AB051C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{ADC5C1D4-82C7-40B7-B50D-B693FFAB2AB9}C:\program 
files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{B0F017FF-34EB-4C55-A0B6-004C22B59422}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{BACEC8D8-9322-45DF-B996-C4D562BEE386}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{C3B8F8C0-787F-474A-888E-494891364716}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{E1159490-5698-45FF-8CAE-FB2A8A617221}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{E3605124-FCE1-4D73-B235-BAA5E2FA3D51}C:\program files\asus\asusupdate\update.exe" = protocol=6 | dir=in | app=c:\program files\asus\asusupdate\update.exe | "TCP Query User{F4CAFF87-44AB-473D-A517-4A7C89CEA6C2}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe | "UDP Query User{082D07D6-FFBE-4ACC-A7D3-BAD805B02693}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{136C4661-14A3-4BC6-A81C-84885D357A43}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{169D9788-32B5-4D2D-8E6F-9B164401121F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{25A111B9-E463-43D3-B5E7-FA8D9D152532}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3AE40E8A-B8B9-4C45-90A9-CDE10353018F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | 
app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{5BEF3624-B557-41B6-B878-7B4E8CAD0F16}C:\program files\asus\asusupdate\update.exe" = protocol=17 | dir=in | app=c:\program files\asus\asusupdate\update.exe | "UDP Query User{6884F62F-6546-4650-9147-460F5D74CE73}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{694F6673-CEBF-43EB-A731-D39CAC9EA1F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{88772BF3-3EB1-4EEF-B4F6-DBC7F9EB2F8D}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{AB845567-2A81-410E-864C-271ACC99E8FC}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe | "UDP Query User{AD528A09-4865-4B68-9A95-E08CBC280975}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{DAB85B9A-E861-4310-BB35-2FFA8EE81BD1}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "[verify-U] AVS" = [verify-U] AVS 2.1.9 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status 
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini "{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware "{13DFC4CE-9089-4907-E042-71DCD6727DBA}" = ccc-utility "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1EE8648A-1141-BF6F-B002-1F279859606B}" = CCC Help Portuguese "{1EFE2B13-7C03-E454-00F5-5FF8CFC86343}" = CCC Help Hungarian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20AB485D-50A0-4F1E-8F43-45B3D2CDCEB7}" = Prisma Arbeitsblätter Biologie 1 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista "{26442B73-03B2-44E5-ACBC-8C6625B89481}" = CCC Help French "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2846E2D9-5991-4332-A05D-20B06D15DFD5}" = The Maxifier "{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1" = Calme Version 2012 "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety 
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30E0C424-E68A-FB77-6E45-42EC039264F4}" = CCC Help Greek "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D7235B2-3305-4FE1-A9A1-5F8AC2F33122}" = SMART Common Files "{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1" = 2.0.0 "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy "{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{675D173B-F754-9B62-A847-A78117B3FCEA}" = CCC Help Italian "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update 
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft 
Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A01AC54A-5BB8-FE08-1854-5427457FCBCB}" = CCC Help Spanish "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A810B5F5-8ACA-4670-B6B3-F98B07DFF6C4}" = SMART Notebook "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD646716-2554-666F-6F72-A5D5B96CF046}" = CCC Help German 
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B28F4C9C-8348-4B52-BB95-F8FAC95A8325}" = PCTV Package - Windows Media Center "{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A}" = CCC Help Polish "{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C748519A-9E3F-6FA2-5A7A-3CABECEC2CE1}" = ATI Catalyst Install Manager "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6 "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext "{DD64C3B5-BE43-4496-9D26-5C4B2E0E104C}" = Langmeier Software Dreieck-1x1 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger 
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer "{ECE9F52E-4A25-4265-8459-85DF6A6FEB52}" = SMART German Language Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F41D5B74-E0AC-4D36-9BC4-86A02994AA83}" = 10*000 Aufgaben Mathematik "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FBC386FF-3249-4C37-B87F-51A23E46AEFD}" = TSDoctor "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15 "Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4 "Avira AntiVir Desktop" = Avira Antivirus Premium "Blitzrechnen" = Blitzrechnen "CCleaner" = CCleaner "Defraggler" = Defraggler "Dropbox Shell Tools" = Dropbox Shell Tools 0.2 "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVD Shrink_is1" = DVD Shrink 3.2 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla Client 3.6.0.2 "FLV Player" = FLV Player 2.0 (build 25) "FormatFactory" = FormatFactory 2.70 "Foxit Reader_is1" = Foxit Reader "Free FLV Converter_is1" = Free FLV Converter V 7.3.0 "HaaliMkx" = Haali Media Splitter "Hdd Speed 
Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1) "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "ifolor-Designer" = ifolor Designer "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Marktkauf Fotowelt" = Marktkauf Fotowelt "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Oregon Scientific SmartGlobe(TM) Deluxe_is1" = SmartGlobe(TM) Deluxe V3.13 "Pixum Fotobuch" = Pixum Fotobuch "Poker im Wilden Westen" = Poker im Wilden Westen "Ressource 3000" = Ressource 3000 "Revo Uninstaller" = Revo Uninstaller 1.94 "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1 "S2TNG" = Die Siedler II - Die nächste Generation "Shop for HP Supplies" = Shop for HP Supplies "SmartToolsKalender-Assistentv6.00" = SmartTools Publishing • Word Kalender-Assistent "TeamViewer 8" = TeamViewer 8 "The Maxifier" = The Maxifier "VLC media player" = VLC media player 2.0.4 "WinFuture xp-Iso-Builder 3_is1" 
= WinFuture xp-Iso-Builder 3.0.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fbaaf7d101824206" = RoboGUI
"Move Media Player" = Move Media Player
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Opera 12.02.1578" = Opera 12.02

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.04.2013 13:20:13 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b86d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003d679
ID des fehlerhaften Prozesses: 0xc50
Startzeit der fehlerhaften Anwendung: 0x01ce44fd948e23c5
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\EXPLORERFRAME.dll
Berichtskennung: 0cccba3e-b0f1-11e2-b6ac-90e6ba8c80d1

Error - 29.04.2013 13:27:47 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 1041
Description =

Error - 29.04.2013 13:30:16 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 10005
Description =

Error - 29.04.2013 13:59:27 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413, Zeitstempel: 0x516bc0a9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052cc7
ID des fehlerhaften Prozesses: 0xef8
Startzeit der fehlerhaften Anwendung: 0x01ce450342d1f8a0
Pfad der fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 880dc23d-b0f6-11e2-936f-90e6ba8c80d1

Error - 29.04.2013 14:06:27 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413, Zeitstempel: 0x516bc0a9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052cc7
ID des fehlerhaften Prozesses: 0x1880
Startzeit der fehlerhaften Anwendung: 0x01ce450442f3015f
Pfad der fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 825589ea-b0f7-11e2-936f-90e6ba8c80d1

Error - 29.04.2013 18:31:37 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\SMART Technologies\Support\dpinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 29.04.2013 18:32:27 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\aldi nord bestellsoftware\install_flash_player.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 29.04.2013 18:34:01 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 29.04.2013 18:35:21 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\word kalender-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\program files\smarttools\word kalender-assistent\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.

Error - 30.04.2013 01:14:53 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413, Zeitstempel: 0x516bc0a9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052cc7
ID des fehlerhaften Prozesses: 0x14c4
Startzeit der fehlerhaften Anwendung: 0x01ce4561a3926874
Pfad der fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: e3542791-b154-11e2-ab61-90e6ba8c80d1

[ System Events ]
Error - 29.04.2013 13:19:42 | Computer Name = MultimediaPC | Source = DCOM | ID = 10010
Description =

Error - 29.04.2013 14:06:56 | Computer Name = MultimediaPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 29.04.2013 21:21:00 | Computer Name = MultimediaPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 30.04.2013 01:20:09 | Computer Name = MultimediaPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

< End of report >

Code:
OTL logfile created on: 30.04.2013 13:23:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop\Trojanerboard
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,20% Memory free
5,87 Gb Paging File | 4,55 Gb Available in Paging File | 77,54% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 2,75 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 9,07 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,50 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive I: | 3,59 Gb Total Space | 3,59 Gb Free Space | 99,83% Space Free | Partition Type: FAT32

Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robert\Desktop\Trojanerboard\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Kinder\AppData\Roaming\Dropbox\bin\dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Programme\The Maxifier\The Maxifier.exe () PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG) PRC - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe () PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software)) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\program\libxml2.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Acronis\TrueImageHome\tishell.dll () MOD - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe () MOD - C:\Programme\Acronis\TrueImageHome\Common\resource.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll () MOD - 
C:\Programme\Acronis\TrueImageHome\Common\thread_pool.dll () MOD - C:\Programme\The Maxifier\The Maxifier.exe () MOD - C:\Programme\[verify-U] AVS\[verify-U]_Software.dll () MOD - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (FlexNet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (Flexera Software LLC) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\remote\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (camvid20) -- C:\Windows\System32\drivers\camdrv21.sys (Philips Components BU Imaging Solutions)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend Goerler GmbH)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SNL320XP) -- C:\Windows\System32\drivers\9kdUSBXP.sys (Sonix Technology Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 37 37 7D 97 CA 01 [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{A9EE43D8-5797-4B37-BB80-7C27E41CFAE6}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{FD0AB065-284F-4E0F-99F3-6917141DC82D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 AB 7C F4 F9 85 CC 01 [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{910671B7-1BFD-4224-907C-666D9CA64B5F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.12 22:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 08:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.13 15:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.12.20 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions
[2011.08.19 14:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.26 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Firefox\Profiles\d9z8nnd6.default\extensions
[2013.03.31 20:22:48 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\extensions\extension@preispilot.com.xpi
[2012.12.12 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.29 10:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.04.29 07:30:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun File not found
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [The Maxifier] C:\Program Files\The Maxifier\The Maxifier.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1002..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\RunOnce: [Report] \AdwCleaner[S3].txt File not found
O4 - Startup: C:\Users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropbox2.bat ()
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1349814738270 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE8D744-F9C0-4196-9406-7FA6A6CA07F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.30 03:02:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.30 03:02:47 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 03:02:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.30 03:02:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 03:02:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 03:02:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 03:02:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 03:02:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 03:02:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 03:02:47 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 03:02:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.30 03:02:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 03:02:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.30 03:02:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.30 03:02:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 03:02:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 03:02:46 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 03:02:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 03:02:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.30 03:02:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 03:02:46 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 03:02:46 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 03:02:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 03:02:46 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 03:02:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 03:02:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 03:02:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.30 03:02:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 03:02:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.30 03:02:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 03:02:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.30 03:02:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 03:02:46 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 03:02:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.30 03:02:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 03:02:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.29 19:16:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.29 19:16:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.29 07:31:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.29 07:31:26 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\temp
[2013.04.29 07:16:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 07:16:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 07:16:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 07:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 07:16:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 17:58:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.26 17:58:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.26 17:58:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.26 17:58:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.26 17:58:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.26 17:58:45 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.26 17:58:45 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.26 17:58:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.26 17:58:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.26 17:58:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.26 17:58:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.26 17:58:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.26 17:58:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.26 17:58:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.26 17:58:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.23 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\player
[2013.04.23 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.04.20 08:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 07:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2013.04.17 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TeamDrive3
[2013.04.17 07:23:59 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.15 08:31:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.10 01:51:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 01:51:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 01:51:33 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 01:51:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.09 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2013.04.09 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2013.04.05 19:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI NORD Bestellsoftware
[2013.04.05 17:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marktkauf Fotowelt
[2013.04.05 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Marktkauf
[2013.04.05 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch
[2013.04.05 17:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pixum
[2013.04.05 11:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LAT 2.0 Deutsch
[2013.04.05 11:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\SMART Technologies Inc
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\SMART Technologies Inc
[2013.04.05 11:34:53 | 000,033,680 | ---- | C] (SMART Technologies ULC) -- C:\Windows\System32\smrtlocalmon.dll
[2013.04.05 11:34:53 | 000,023,848 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\System32\smrtlocalui.dll
[2013.04.05 11:34:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2013.04.05 11:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2013.04.05 11:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2013.04.05 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2013.04.05 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.05 11:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013.03.31 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\remote\restore
[2013.03.31 20:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.03.31 20:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\CEWE COLOR
[2013.03.31 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\PictureMover

========== Files - Modified Within 30 Days ==========

[2013.04.30 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 07:21:29 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.30 07:21:29 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.30 07:21:29 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.30 07:21:29 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.30 03:28:39 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 03:28:39 | 000,020,304 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 03:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.30 03:22:02 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 03:02:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.30 03:02:47 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.30 03:02:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.30 03:02:47 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.04.30 03:02:47 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.04.30 03:02:47 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.04.30 03:02:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.04.30 03:02:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.04.30 03:02:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.30 03:02:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.04.30 03:02:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.04.30 03:02:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.04.30 03:02:47 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.30 03:02:46 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.30 03:02:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.30 03:02:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.04.30 03:02:46 | 
000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.04.30 03:02:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.04.30 03:02:46 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.30 03:02:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.04.30 03:02:46 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.04.30 03:02:46 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.04.30 03:02:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.30 03:02:46 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.04.30 03:02:46 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.04.30 03:02:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.04.30 03:02:46 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.04.30 03:02:46 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.04.30 03:02:46 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.04.30 03:02:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.04.30 03:02:46 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.04.30 03:02:46 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.04.30 03:02:46 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.04.30 03:02:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.04.30 03:02:46 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.30 
03:02:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.30 03:02:46 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.04.29 07:30:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.27 10:47:47 | 000,000,000 | ---- | M] () -- C:\Users\remote\defogger_reenable [2013.04.26 18:28:31 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.23 20:51:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.23 20:51:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.23 20:46:31 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk [2013.04.20 09:04:38 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.04.17 08:38:49 | 000,001,642 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083846.reg [2013.04.17 08:37:55 | 000,111,818 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083751.reg [2013.04.17 08:29:23 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.17 07:23:59 | 000,001,228 | ---- | M] () -- C:\Users\remote\Desktop\Revo Uninstaller.lnk [2013.04.15 16:17:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.15 16:17:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.15 16:17:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.15 08:31:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.04.15 08:31:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.04.15 08:31:02 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.04.15 08:31:02 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.04.10 03:23:19 | 000,543,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.09 18:14:31 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk [2013.04.05 11:34:25 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk ========== Files Created - No Company Name ========== [2013.04.30 03:02:46 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.29 07:16:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.29 07:16:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.29 07:16:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.29 07:16:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.29 07:16:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.27 10:47:47 | 000,000,000 | ---- | C] () -- C:\Users\remote\defogger_reenable [2013.04.26 18:28:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.23 20:46:31 | 000,002,587 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk [2013.04.20 08:41:43 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.04.17 08:38:48 | 000,001,642 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083846.reg [2013.04.17 08:37:52 | 000,111,818 | ---- | C] () -- 
C:\Users\remote\Documents\cc_20130417_083751.reg [2013.04.09 18:14:31 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk [2013.04.05 11:34:25 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk [2013.01.02 13:26:06 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.11.11 18:01:57 | 000,293,712 | ---- | C] () -- C:\Windows\System32\Tbsql03.dll [2012.11.11 18:01:57 | 000,246,368 | ---- | C] () -- C:\Windows\System32\Tbqry03.dll [2012.11.11 18:01:57 | 000,145,696 | ---- | C] () -- C:\Windows\System32\Tblib.dll [2012.11.11 18:01:57 | 000,090,688 | ---- | C] () -- C:\Windows\System32\Tbutl03.dll [2012.11.11 18:01:57 | 000,014,512 | ---- | C] () -- C:\Windows\System32\Tbgui03.dll [2012.11.11 18:01:57 | 000,005,488 | ---- | C] () -- C:\Windows\System32\Tbmds03.dll [2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2012.01.03 23:59:17 | 000,023,700 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2011.11.13 18:40:29 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp [2011.07.02 01:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.26 21:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.03.14 19:30:56 | 000,000,680 | RHS- | C] () -- C:\Users\remote\ntuser.pol [2010.04.13 19:38:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
30.04.2013, 15:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Missing characters when typing on the Internet (Firefox; Google Chrome) Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |