Log analysis and evaluation: Online banking blocked - malware

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.05.2013, 14:47 | #1 |
Online banking blocked - malware

Hello dear Trojan fighters! Since my online banking at the Sparkasse was blocked because of malware, I googled it right away and came across this forum. I have also already seen here that I am not the only one with this problem. I hope you can help me remove the malware (or whatever has nested itself in there) without my having to reinstall my PC. I have now run the OTL scan as described in one of the threads. Here are the logs:

Extras.txt
Code:
OTL Extras logfile created on: 30.05.2013 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
 Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,01% Memory free
8,25 Gb Paging File | 6,27 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): c:\pagefile.sys 5120 6144i:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,52 Gb Total Space | 33,37 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive D: | 295,37 Gb Total Space | 66,80 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive X: | 79,87 Gb Total Space | 32,46 Gb Free Space | 40,64% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009F94DA-CBD8-407D-B0FE-9CB775C3BC8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06D1948F-644C-4896-9BA9-0F7930F33C83}" = rport=10243 | protocol=6 | dir=out | app=system |
"{09E2BE97-1853-4E8F-BBA5-175CC1E99FF3}" = lport=33338 | protocol=17 | dir=in | name=goodsync server lan discovery |
"{0A0C3620-F7EC-4DBB-96B4-30F79F3370EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{11E6253B-2AB5-4B6B-9480-B3D848E7A8C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11F9AEE4-E398-4917-BB06-437088F52DE4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1787A7F2-B295-44BF-81B0-035B2C2E07DD}" = lport=990 | protocol=6 | 
dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{18847473-1DE7-43F1-AB45-803A65400366}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{1AAD2B6A-D4E3-4916-AAA9-5E75F603A89D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{25A9BE02-A3FD-4499-BEFD-B2CAE381AC3F}" = rport=137 | protocol=17 | dir=out | app=system | "{296F624C-116D-4646-A214-65594CFB1109}" = rport=445 | protocol=6 | dir=out | app=system | "{29F79B7C-0383-43A8-BA1F-B117C93718F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2C93F55C-D159-4D40-950D-3AE60DB785C1}" = lport=33338 | protocol=17 | dir=in | name=goodsync server lan discovery | "{33128945-6BA1-4CB0-A224-35D3F582EFDD}" = lport=2869 | protocol=6 | dir=in | app=system | "{3AF46097-BAEB-4785-9D2B-BCFCF8F301CD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{53B3E999-04A1-460F-85C9-302A57922D65}" = lport=33333 | protocol=6 | dir=in | name=goodsync server incoming connections | "{5DADB6ED-1E47-4C26-BA62-51143052A917}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{6F6F5851-94D4-479A-8145-D386544A3C62}" = lport=33333 | protocol=6 | dir=in | name=goodsync server incoming connections | "{7112BBAB-AFB3-4B40-9600-73D67229D637}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{771D0B2A-5DDD-4D87-BDC9-2A771DBC4F47}" = lport=137 | protocol=17 | dir=in | app=system | "{7DB7CAD4-F2B5-4345-86E5-E9FA0D7FEEBF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7FC16EDE-C651-43DE-AD86-6312388BD8B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{876108B7-FC34-4868-B688-48E1F178CA63}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{889459E7-1CE6-4F0D-BB69-687DBDB6A550}" = lport=138 | protocol=17 | dir=in | app=system | "{8B494AC4-D0CD-4321-B8E9-959A51691A2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8B6231EA-2FA9-4435-A8A8-20F7F76F2973}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8FC4E2DF-485C-463E-B9E0-D6CCD399A3E4}" = lport=445 | protocol=6 | dir=in | app=system | "{9054ABC2-4A7A-407B-8E3D-7CA6FDE899C8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9ADF84D8-C2B5-4ABB-8635-E3C107DD47DD}" = lport=3389 | protocol=6 | dir=in | app=system | "{A3FC3E23-1598-4D8A-9A1C-68E548AC155E}" = lport=139 | protocol=6 | dir=in | app=system | "{A7688D13-FAC9-4F35-B75C-9311F9C2E210}" = lport=5656 | protocol=17 | dir=in | name=gremoteserver udp port | "{B027759C-962F-4611-BB6E-9F1C786C2CFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3A39DEF-CEC9-4469-9164-DFF31FEDAB8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C728CAA3-0AB4-4140-AC55-6E5BA3FB5D78}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{DF16FFA5-3563-4F3B-845B-FC47ECAEBE5B}" = rport=138 | protocol=17 | dir=out | app=system | "{E3842230-9BF2-4295-8F2C-A9F72ECDC71B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{E9CE0F33-B64D-4552-BFE5-35450376A2C4}" = rport=139 | protocol=6 | dir=out | app=system | "{EA45B1D4-9274-495F-98F3-07150856F107}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ECFBB29A-CF1F-459C-A580-01148721A594}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{EDF0DF3E-95D3-427F-8F16-9E8EF6D04034}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F78FEC8E-35F4-472F-A335-8DA512B6CF39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FD7BDD81-213E-46D0-B724-11429D2342F0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FFBDD387-7D4B-4851-9B39-407BACDFF3C9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02E26137-D535-4208-A7F5-AF2FED065BB8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{035E12E6-3041-45F2-B98F-A39CB7132580}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{0375961E-0337-45E3-98F3-07D6EA3C3A29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{05908347-5937-4C8F-BD84-E8AF76D9A056}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | "{068BD1D5-DD5F-444C-ACD6-E1F89A1B06F2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{072C8F0F-1518-4BC7-BAD3-0E5A83C37DC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{07CE84FD-A1A4-489C-80AC-45CC8EA138FC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0DFDFD8D-606C-408B-B661-124C7DBF418A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe | "{0F51F023-80D5-4E9F-B560-BDDE721B9D9E}" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "{15AEE56B-468F-4D87-A49B-ED162E20C3D1}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{1625F215-C211-4179-98CC-BF27DEE62FD5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{16ACE72D-4508-4F23-864E-4DA498DA45A4}" = protocol=17 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{1966F879-ED7C-4D05-898C-1DCD62B789C9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbucoms.exe | "{19ACBC3C-CB74-49B5-ACDF-249C76A12F64}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2010\3dsmax.exe | "{1F027B75-4715-4862-AAA6-5D10FE6AEC15}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{21C602CF-B9DB-4D32-A3A8-2AA9179A04C8}" = protocol=17 | dir=in | app=c:\windows\system32\lxbucoms.exe | "{223E1DBF-856C-4BC9-9557-76B62605682B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{261143D8-A802-4762-BE48-95D2F325A54E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2933F36D-59CB-4EE0-83BA-1D54D8C6AE85}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2A160773-B1AA-40A2-895A-8B082E7EEE9B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B55B782-7692-4F1C-8552-DB3EEC09DD6F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2C817F02-3C3F-44FF-A1FF-2313488F77CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2CA99137-DF28-4712-8686-4FBD5A7F32CB}" = protocol=17 | dir=in | app=d:\program files\siber systems\goodsync\goodsync.exe | "{2E0AB9EB-13EA-43E6-B368-8D7DD5C2F4A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3120431D-16B5-4958-BDD3-8ECA53963D15}" = protocol=6 | dir=in | app=d:\program files\siber systems\goodsync\gs-server.exe | "{32776A0C-1EDA-489C-ACE9-A62BAF7CD539}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{327EAF38-4580-4DA3-9C13-09950D08E21A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{340DA129-306B-4B9D-BEC0-D1D24C91B0C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{352F6E09-8002-40FC-8EEE-42CA31A80061}" = protocol=6 | dir=in | app=d:\program files\idisplay\idisplay.exe | "{36854603-C330-4B4F-93C5-D194DFE3CC1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{368EE2D9-648C-4D55-A169-4D856140FF8D}" = protocol=6 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | "{38E459E0-3761-4859-96B4-2B68E69D31A8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{38F0B886-E2E0-4947-A48F-3EC918F46B7B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E9D864D-47E8-415E-9657-60DAB604C1AA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3F30BB61-32DB-4377-93A4-7D0E0D4AB580}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{42321214-143B-490A-A986-102118775D6F}" = protocol=6 | dir=in | app=c:\program files\backburner 2\server.exe | "{426C7343-414E-4A12-8C9E-F096605507D7}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | "{42E9ACA5-A052-4476-AAC9-DADCA657D3E1}" = protocol=6 | dir=in | app=c:\windows\system32\lxbucoms.exe | "{45B7934F-31D9-421B-A78E-1D5B2AC89DAB}" = protocol=6 | dir=in | app=d:\program files\siber systems\goodsync\gsexplorer.exe | "{47C8606C-5EA6-4067-BA7C-50B351933472}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{48FD44FF-7B34-4949-9325-6FE2C77D4CBA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4B9CFE6D-FB20-48BC-B5A6-054E40C733A5}" = protocol=17 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | "{4BDD1781-90FE-413F-9221-42B49E0EB81C}" = protocol=17 | dir=in | app=c:\windows\system32\lxbucoms.exe | "{4F29CF7F-45AE-44EA-9188-C4C5C9404B51}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{51D3B1D0-98F7-402A-84AB-DCFA15CA50EB}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{51F988AA-0F16-4BA0-823A-CADADE58F8B2}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\monitor.exe | "{52354824-D402-487A-AE2E-1E843E485363}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{591C0695-2D57-45E8-97F5-C8791C6A185E}" = protocol=6 | dir=out | app=system | "{5AEBED2F-1CB5-4A09-AC36-BA5D7AC10D86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5C939CAA-29CD-4F53-A7C5-F1CAC87292DC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5D77A730-2A69-43E4-B173-1A87AAA30E26}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\manager.exe | "{615FDF69-E1AC-4D8A-89E1-67475C23B3A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{62E96D18-CC00-49DE-8F38-0F07EE2948BB}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | "{669F3289-ED87-47CE-997C-946F54BCA972}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{694EB7EA-85F4-4E99-A1E0-B2147CD492D7}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{6D9B4F4B-4073-425A-BAD8-9434626961A2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6F5C7B5A-392C-4213-B454-0F391AC28F0F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6FC9F265-7215-4EC4-B1D5-02C486A37B8B}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe | "{73C882FE-805B-4006-BE8B-B6DDC44E186E}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | "{7C26D67B-19EE-4DD7-8D17-C7B8F12B5A20}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | "{82909D90-CA4D-4A13-89EB-8E0260706FCC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{82C1B06C-8959-499E-87B6-2C51DDF6AAC3}" = protocol=6 | dir=in | 
app=d:\program files\siber systems\goodsync\goodsync.exe | "{8A0BA3F2-9470-42D8-96E7-FE9A169DB7AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8AD93B54-D05A-4708-8833-E01255A84DD0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8B0A0DC5-8C74-41BA-9024-488CD78FD01E}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe | "{8BFB7093-8B09-4B34-95F4-0D0117155524}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe | "{8C1F23BD-E20C-402F-987C-56007C4BA3B9}" = protocol=17 | dir=in | app=c:\program files\backburner 2\server.exe | "{8D4B2110-75FC-4C64-9FC5-EBBFD11D4FBE}" = protocol=17 | dir=in | app=d:\program files\siber systems\goodsync\gs-server.exe | "{8FB52C9D-BBFD-4644-80C4-B8F2E63C7F35}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{90183AC0-B8E1-425A-A317-9CE761F8CAEC}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\manager.exe | "{937A28EA-3E96-410D-B294-3EBF3876C5F2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbupswx.exe | "{951D2E66-D162-43CA-94D7-BFB49C907084}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95D2B67E-8207-4038-8089-AE94A2D8CD0B}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\server.exe | "{992AF70C-8CEF-48A4-87EA-A2F1ABCA08C1}" = protocol=17 | dir=in | app=c:\program files\backburner 2\monitor.exe | "{99D09D79-B9AC-46E4-87BF-E1F981014DE3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9AEFC9E4-1E48-4070-BA36-30D444131913}" = protocol=6 | dir=in | app=c:\program files\backburner 2\monitor.exe | "{9D5EE270-9B9B-4442-9477-A36491868858}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | "{9E7A0B81-AFA4-407E-A7EA-AFDE3437A1E5}" = protocol=17 | dir=out | svc=wcescomm | 
app=%systemroot%\system32\svchost.exe | "{9F2B409E-16EC-4966-990E-7C639985CCB7}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{A3F0A002-7EBB-4D0B-A7EE-89ED3B0FB9C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A5C8C719-6E5E-42A1-A42A-556C4624E940}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AC462C6B-6BF5-458C-B67E-F895AB4EF239}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3y.exe | "{ADC8156F-D5EE-4BEC-A852-77EF3BF8A688}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B06EEEEE-3EE4-43F7-B4B0-F28879FC6DD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B1C05667-57B1-44AE-945B-A9D64A3ED774}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | "{B41BC928-7536-4684-A307-2CA17AE78402}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B56ADB45-742F-443A-9B5D-DA5B83670298}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B606879E-95CC-4EA2-AA5F-3A9272C07B40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B635AA8A-2ED0-450A-8BB9-D8C30CC2AAC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B8D8996A-71E0-46C9-A49B-5F3D2BA60C33}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{B8F0F1B0-DF66-45F2-986A-75B03D6EE072}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BC0FB2B8-CF73-4C6D-B7CD-299EE792D254}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe | "{BDE2D687-0055-40FB-AC4E-F8E379BA06EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{BE7A5EBF-B7CE-4D5A-A996-81CE9FDC1AF1}" = protocol=6 | dir=in | 
app=c:\windows\system32\spool\drivers\w32x86\3\lxbupswx.exe | "{BE872ABA-FE1B-4A1E-912E-DC5795724E88}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF552EE1-8E94-4100-B023-A72F2AD8DFD0}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{C0EBE799-EFEA-40AD-B9B0-D5A3E3C83C44}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\server.exe | "{C149A3BB-48A0-40B4-B60D-7C4B6667144C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C14B69C3-3A1B-4301-8C71-D16B9E511E36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C39398DF-1DB2-4EC8-80C2-2544B358C975}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C53E7953-74DC-4320-AC44-D5B798DAC4DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C55AA09B-5525-4FE2-A6EB-FE17E44E1B92}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe | "{CD502786-FA52-4F1E-B195-031C915833EE}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | "{CD7BC678-DAD4-42B2-888F-85E10DABB878}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CE20CE75-6E56-4C46-B6F9-729977790F76}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe | "{CFCDCFF8-61A6-48FF-9149-D066CAC41D10}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | "{D052D553-11B4-457E-9ACD-BB5B26BBCA06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D45501EB-FEC5-46A5-AACE-41F3342A73A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D55F51D7-F784-4F67-8AB4-02D1816868AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D7E37804-02D9-44BE-8E60-F0396E11312D}" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "{D97D1A9B-9C6A-443B-B496-5301699D85C8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D9A34361-1FF4-4A6F-B322-F2BCBF841B16}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DBDDC718-2424-40FF-A660-6016C0B35062}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC38B7A1-7A19-4572-B804-231FA9CB50E3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DC551ABC-F82D-4790-8BAE-591A9829533C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DDA1CA55-32DD-4E60-BB67-699197D1FAF8}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{DDE7E29B-05BA-4E5A-8181-03661C71A136}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | "{DE070C7C-2D36-4F1B-958A-703CD2B84E8C}" = protocol=6 | dir=in | app=d:\program files\smartftp client\smartftp.exe | "{DF43F3F7-7B1B-452B-927E-FDEDF48E7B7A}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2010\3dsmax.exe | "{DFEEA257-873B-4630-82AB-9AACA41BFDD0}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{E114EFDB-4644-40C8-AE70-713830269671}" = protocol=17 | dir=in | app=c:\program files\backburner 2\manager.exe | "{E202C588-7DD2-48E8-B46A-A91AAEFA4A5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E2DBD22A-1ED6-4296-8BA9-7122C581BCFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4DEB344-75BB-477B-AD79-85DD288615D7}" = protocol=17 | dir=in | app=d:\program files\idisplay\idisplay.exe | "{E5605F38-7950-458D-BDD0-75D40AA6352C}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3y.exe | 
"{E723A605-7E07-4C14-AC5C-96E4F64D20A7}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{E78E6DBB-2928-497A-8A31-607565F791D2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E880C361-C135-451E-A136-34181AAA1844}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED0B4C47-FA5E-4F0C-9209-6330535D9419}" = protocol=17 | dir=in | app=d:\program files\siber systems\goodsync\gsexplorer.exe | "{F12CCF94-7941-414A-9FB4-966B0208590D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F3239163-F0AF-4759-B0F1-31DF2F31CB44}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\monitor.exe | "{F6963C29-9F24-4AD6-BC27-F6B01B418D4D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F832AC05-3A68-4054-8915-99D2176CDE09}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe | "{FB225D7F-CECC-4854-A40B-E36D48C19D49}" = protocol=6 | dir=in | app=c:\program files\backburner 2\manager.exe | "{FE817B56-B7F1-4436-901B-449D36087CE8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{059C752D-1FC9-44FF-9A50-F27E5B46BA24}D:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=d:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe | "TCP Query User{0BA3652B-F4B5-4662-AF88-B1970C5A7044}D:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | "TCP Query User{136E423E-34A7-448A-A643-791DB8C12AB9}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{1A25D4C9-0F54-4D46-9E7F-4485009BF066}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query 
User{1EDEAD11-6D23-43C0-8CC6-FA0061F14AA7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{21C2D761-EDDE-4B5F-BA93-3325F2A125D2}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "TCP Query User{3400678C-1FAF-482A-A952-9C6FA6DAFDD6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{3BE6D1F8-1DF8-465D-967B-6A0EAD4E9B3B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{4A7B64B0-D97C-450E-910B-F8D222DAF7A6}D:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | "TCP Query User{4BD62CB5-8702-4025-BAA1-FA0A6E8ECFD6}D:\program files\idisplay\idisplay.exe" = protocol=6 | dir=in | app=d:\program files\idisplay\idisplay.exe | "TCP Query User{4C7C430B-31B0-4530-91A0-EB26BC91A343}D:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | "TCP Query User{551C577B-B3A2-4AE8-AB9B-E66E100CF79E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{56E35F55-8B7B-45BD-9376-B95952327BF6}D:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | "TCP Query User{5AFB474E-1409-4EA9-A864-A07C2269352E}X:\fsx\aerosoft\airbus x\airbusxconnect.exe" = protocol=6 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | "TCP Query User{5DC31A97-624E-4481-98B0-22036563013A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query 
User{6AF74A2F-6B52-49BA-8B37-345F4362A782}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{6DFB3240-5D39-40F0-B32D-95048128E4A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{781BC3BA-B39F-43CF-96F0-13E733ED2075}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{83A15E0A-2A60-4865-A452-028EBD9ED5AE}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{83B38E4D-B4F8-4D8A-9928-FF393831DDB2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{924F1177-3C84-49B9-80CB-ADDDC2862353}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{AAA5B836-1CD0-4A4B-BAB4-D9B64A4D3C43}D:\program files\netcommy\netcommy.exe" = protocol=6 | dir=in | app=d:\program files\netcommy\netcommy.exe |
"TCP Query User{D4F45617-B12A-4493-A1F1-BC095D735EE7}D:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe |
"TCP Query User{DAFB5FC9-A974-4FE4-A91B-C10F45E675F7}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{E3C68974-81CE-4651-9A9B-810811B24F1E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{E8C37F4E-EC7F-4533-851D-02FA1190CFAC}D:\program files\netcommy\netcommy.exe" = protocol=6 | dir=in | app=d:\program files\netcommy\netcommy.exe |
"TCP Query User{F15E12E7-0BB0-4B20-A258-89EDC6C5D200}C:\program files\apm planner\ardupilotmegaplanner10.exe" = protocol=6 | dir=in | app=c:\program files\apm planner\ardupilotmegaplanner10.exe |
"TCP Query User{F7E7CD97-C1D5-459D-A531-85122A0ECAA3}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{0B3FF12A-4257-44F8-BE08-43F033F9B79E}D:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe |
"UDP Query User{0EFB661D-39C1-4CBA-B41D-C05DF1960852}D:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=d:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{22D2C70F-D75B-472B-AC69-3B2B36C2425D}C:\program files\apm planner\ardupilotmegaplanner10.exe" = protocol=17 | dir=in | app=c:\program files\apm planner\ardupilotmegaplanner10.exe |
"UDP Query User{2528374E-F523-48DE-B4B9-F4A14D99C53B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{2B491EE1-5012-4AAF-89B8-89294E7175B2}D:\program files\netcommy\netcommy.exe" = protocol=17 | dir=in | app=d:\program files\netcommy\netcommy.exe |
"UDP Query User{2D41A54B-D1D1-4827-9A90-336373FDCC3A}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{30A93AE1-CBAD-46B7-B681-65571E57BFE8}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{317CF065-C65C-4535-93E4-814BDC84D0E3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{3A84B6EA-F33E-4210-9586-D5F1A3DC6A99}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{3E76244C-96C2-49EA-8EE2-17137AD30318}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{402F8884-F988-483A-AB17-5D6927643736}X:\fsx\aerosoft\airbus x\airbusxconnect.exe" = protocol=17 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe |
"UDP Query User{4BAC178C-8AC0-4A2E-BB71-761F73B8432B}D:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{4F475238-25A2-46B2-A03D-F4BB4EC6B8C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{56268A59-A90D-4BB1-94B7-62A84DDB7899}D:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe |
"UDP Query User{5F85D056-1694-41F9-A040-F89B4BAC7370}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{882A0A0F-1E98-41B7-AA79-4DAAC9E39AB3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8DCA4174-8EA5-4B2D-8004-D834F0094743}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{91D47CDA-40AA-44FB-B50F-46181055F9A1}D:\program files\idisplay\idisplay.exe" = protocol=17 | dir=in | app=d:\program files\idisplay\idisplay.exe |
"UDP Query User{B7165220-5A9D-4CF0-94E9-39DD65E162DB}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B8DBB5C1-7CD0-4F0C-B52B-BA2CC1F7B57F}D:\program files\netcommy\netcommy.exe" = protocol=17 | dir=in | app=d:\program files\netcommy\netcommy.exe |
"UDP Query User{C9F985FD-E2BF-4F9B-94D5-6EEA9900E82B}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{CF6957E8-63D7-482B-BA5F-B896B19CCD1A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D380BC74-21AF-4B7B-B970-6660C0A0D147}D:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe |
"UDP Query User{D8A13A2F-4DD1-4FDA-8117-6402A378507A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DFC2CBF5-1B6B-4876-8286-9FFD23E85F3E}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe |
"UDP Query User{E68B1C36-A389-4BB3-8B03-AE8C5C9A0673}D:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe |
"UDP Query User{F6416E5F-D574-4BAA-86A1-9C160B91AB97}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F727E7ED-DDAF-4180-993B-1BB1CCA7FA8B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02220E03-0B8C-44F5-8E20-AD8917AA6DD1}" = openAir2kml
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.8
"{07B30B65-6615-46CF-ABB2-4AD33B9CE87A}" = OutSync
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1" = HD2 Toolkit Version 4.1
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{16BF9FAA-2804-48A9-823F-87DFD06969E0}" = LX navigation LXE
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225B779B-94BA-4A83-9E11-6F1D99ECE7CD}" = Windchill ProductPoint Client Manager-2.0_2010.09.06.001
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2336573C-3213-48AA-A306-8309BA9BD92C}" = Aerosoft's - Airbus X
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2F4493E4-7237-4B2F-B693-B13BA827DBA7}" = Rhinoceros 4.0 Trainingsmaterial - Stufe 1
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{388BB822-33BF-4ED9-8A04-7007CC37A24E}" = REFLEX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{46181E57-7362-4FCC-A30E-6E31429E160F}_is1" = NaviComputer V0.95
"{4689C255-3373-4A61-8E3C-3E9C92EFA4E5}" = AeroFly Professional Deluxe
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{5BD1BBB6-DC09-420F-B459-DD61DD351541}" = aerosoft's - Menorca X for FSX
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64996B10-0B55-4625-A124-551CB65F09CE}" = aerosoft's - London City Airport X
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7668700F-1E1D-4E37-A7AE-29DFA7BE4B8F}" = eDocPrintPro v3.17.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F702E8C-D01F-4128-AD93-4A9AE07603A9}" = Aerosoft's - German Airfields FREE - Wasserkuppe
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{917FBB8E-C606-4ADD-9E5D-236646F5A1AA}" = PhoenixRC
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{990A2B02-0C8F-4BD4-989B-9F4561D8FAD2}" = RealFlight G5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4003C3C-30EF-41F6-87DD-33DDC471651C}" = Autodesk 123D Catch
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBA5E54-5B3C-11DE-BAEA-F9C855D89593}" = insight3d 0.3.2
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C0A6F8BF-2C50-4D70-B98E-590EA298E5A1}" = WinSpice v1.06.00
"{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b
"{CDDE8723-0D3C-4446-BFCC-6AFAED649A71}" = Mission Planner
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FDD9AD-F2FA-42D7-B4B6-43202C53F142}" = 'PTC Places' Namespace Shell Extension
"{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E630D30A-79EE-407A-8F51-9D57D1F45230}" = gs_x86
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EB2423B8-2060-4260-874B-3ED7A68D1275}" = FS Flight Keeper (3.0)
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE18E4CF-6732-470B-A526-3FE205AC69D5}" = CompanionLink
"{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}" = aerosoft's - Lukla X - Mount Everest
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{FB56079B-7D0C-4D1D-864A-09BA159CC31B}" = Active Sky Evolution
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF63DB41-2880-4C24-A06A-B8BF69B6406B}" = Unified Remote
"1C403B82E4E446F5F271843776F81232792700B4" = Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.0)
"7-Zip" = 7-Zip 9.20
"ABViewer 7_is1" = ABViewer 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Condor: The Competition Soaring Simulator" = Condor: The Competition Soaring Simulator 1.1.2
"D4BE65E2BB029E9D50B48199CCFFE66D0F514A27" = Windows-Treiberpaket - 3D Robotics (usbser) Ports (03/28/2013 1.6.2.0)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"Dassault Systemes B20_0" = Dassault Systemes Software B20
"DivX Setup.divx.com" = DivX-Setup
"doubleTwist" = doubleTwist
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EasternAlps Scenery" = EasternAlps Scenery 2.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"f1mustang_FSX" = Flight1 Citation Mustang
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.7.0.1
"FinePrint" = FinePrint
"Flamingo 1.1" = Flamingo 1.1
"Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0
"FlightGear_is1" = FlightGear 2.10.0.3
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Google Calendar Sync" = Google Calendar Sync
"Ground Environment X Europe" = Ground Environment X Europe
"Hugin" = Hugin 2011.0.0
"iDisplay_is1" = iDisplay 2.0.0
"IGC GE Flight_is1" = IGC Flight Replay 1.0
"ImgBurn" = ImgBurn
"InstallShield_{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"JDownloader" = JDownloader
"KeyShot2" = KeyShot2 2.3 32 bit
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.8
"LX Styler_is1" = LX Styler
"MatlabR2011a" = MATLAB R2011a
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"NetCommy_is1" = NetCommy 1.14
"nHancer" = nHancer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"openAir2kml" = openAir2kml
"OpenAL" = OpenAL
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Rhinoceros 3.0" = Rhinoceros 3.0
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SeeYou Mobile" = SeeYou Mobile
"SeeYou_is1" = SeeYou Version 4.22
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TS3 Overlay" = TS3 Overlay
"VAIOSoft Recovery Manager" = VAIOSoft Recovery Manager
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR
"wxdevcpp" = wxDev-C++ 7.3.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aerosoft Mega Airport Munich v 1.00 for FSX" = Aerosoft Mega Airport Munich v 1.00 for FSX
"Dropbox" = Dropbox
"FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279
"GeoGebra WebStart" = GeoGebra WebStart
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Spotify" = Spotify
"Titan Casino" = Titan Casino

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8143

Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8143

Error - 28.05.2013 22:50:46 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files\CompanionLink\ClxMapi64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 28.05.2013 22:53:18 | Computer Name = Martin-PC | Source = System Restore | ID = 8193
Description =

Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 30.05.2013 05:38:32 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files\CompanionLink\ClxMapi64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 30.05.2013 05:42:48 | Computer Name = Martin-PC | Source = System Restore | ID = 8193
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 30.05.2013 05:06:41 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:41 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283 Invoked Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

[ OSession Events ]
Error - 25.01.2011 19:33:57 | Computer Name = Martin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3752 seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25.05.2013 03:35:56 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR32 gefunden.

Error - 26.05.2013 05:27:30 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:30 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:31 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:31 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:32 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 27.05.2013 01:14:52 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 27.05.2013 01:14:53 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 27.05.2013 01:14:53 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 27.05.2013 01:14:54 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

< End of report >

Code:
OTL logfile created on: 30.05.2013 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,01% Memory free
8,25 Gb Paging File | 6,27 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): c:\pagefile.sys 5120 6144i:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,52 Gb Total Space | 33,37 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive D: | 295,37 Gb Total Space | 66,80 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive X: | 79,87 Gb Total Space | 32,46 Gb Free Space | 40,64% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - X:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Windows\System32\lxbucoms.exe ( )

========== Modules (No Company Name) ==========

MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - D:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Java\jre7\bin\jp2native.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()

========== Services (SafeList) ==========

SRV - (mi-raysat_3dsmax9_32) -- D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (GsServer) -- D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nHancer) -- X:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (BBDemon) -- D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2010_32) -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( )
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (DxkgFilter) -- D:\Program Files\iDisplay\idisplay.sys ()
DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.at/ [binary data]
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 6D 55 81 97 BB CB 01 [binary data]
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT"
FF - prefs.js..extensions.enabledAddons: linky%40gemal.dk:3.0.0
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:2.8.5
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.24 09:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.24 09:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.05.24 16:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.05.24 16:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.05.24 16:38:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.05.24 16:38:38 | 000,000,000 | ---D | M]

[2011.01.24 09:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions
[2013.03.12 16:55:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013.05.07 22:35:16 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\foxyproxy@eric.h.jung
[2011.02.17 00:36:55 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\linky@gemal.dk
[2013.05.07 22:35:11 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2011.03.04 00:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\rypciewz.default\extensions
[2011.03.04 00:19:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\rypciewz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.24 23:34:11 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\youtube2mp3@mondayx.de.xpi
[2011.12.08 19:42:35 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.05.09 20:29:38 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 23:39:39 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.08 07:28:48 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.01.20 16:35:01 | 000,002,059 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\daemon-search.xml
[2013.05.30 11:09:56 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-1.xml
[2011.04.30 21:09:36 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-2.xml
[2011.05.05 23:06:57 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-3.xml
[2011.06.21 06:52:49 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-4.xml
[2011.08.19 15:15:09 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-5.xml
[2011.09.12 23:04:33 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-6.xml
[2011.03.25 15:37:06 | 000,001,056 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin.xml
[2012.08.20 01:55:49 | 000,003,915 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\sweetim.xml

O1 HOSTS File: ([2011.01.24 21:36:54 | 000,001,730 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Programme\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Spotify Web Helper] C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Zaemectiot] C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA416F6-55F8-461A-B1D4-A0FB030B6945}: NameServer = 212.18.3.5 212.18.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06AFEE5-B9BC-4DB3-A216-146EB60EC29B}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9d2bd751-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2bd751-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9d2bd75d-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2bd75d-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{9d2bd769-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2bd769-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{cf19e7c0-56a6-11e0-b760-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{cf19e7c0-56a6-11e0-b760-0023549c1a34}\Shell\AutoRun\command - "" = S:\AutoRun.exe
O33 - MountPoints2\{f82bf3ed-53b7-11e1-b4ff-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{f82bf3ed-53b7-11e1-b4ff-0023549c1a34}\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.27 21:30:18 | 000,000,000 | ---D | C] -- D:\Dokumente\XCSoarData
[2013.05.25 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\FileZilla
[2013.05.25 13:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.05.22 16:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.22 16:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.22 16:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Yqzi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Quit
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Ehma
[2013.05.12 18:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.8
[2013.05.12 18:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.8
[2013.05.12 17:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD2 Toolkit
[2013.05.12 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\HD2 Toolkit
[2013.05.11 13:50:25 | 000,000,000 | ---D | C] -- D:\Dokumente\HTC HD2 Android
[2013.05.11 12:20:09 | 000,000,000 | ---D | C] -- D:\Dokumente\WhatsApp
[2013.05.08 21:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.08 21:10:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.08 21:10:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.08 21:10:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.08 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\insight3d
[2013.05.08 20:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\insight3d
[2013.05.08 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013.05.08 17:04:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SmartFTP Client 4.1 Setup
[2013.05.07 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\Downloads
[2013.05.07 22:44:12 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2013.05.02 22:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org
[2013.05.02 22:56:55 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013.05.02 22:56:55 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2013.05.02 22:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2013.05.02 22:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.10.0.3
[2013.04.30 17:59:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\GMap.NET
[2013.04.30 17:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.04.30 17:57:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\APM Planner
[2013.04.30 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\APM Planner
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Martin\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Martin\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Martin\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Martin\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2013.05.30 15:21:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 14:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 11:12:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 11:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 16:20:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 16:20:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 16:13:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.05.28 16:12:56 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 13:32:55 | 000,000,976 | ---- | M] () -- C:\Users\Martin\Desktop\Adobe Dreamweaver CS3 - 32bit.lnk
[2013.05.26 13:25:09 | 000,000,810 | ---- | M] () -- C:\Users\Martin\Desktop\FileZilla.lnk
[2013.05.25 19:03:51 | 000,064,640 | ---- | M] () -- D:\Dokumente\Kontakte Stand 25.05.2013.CSV
[2013.05.25 19:03:49 | 000,038,431 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2013.05.22 20:13:16 | 000,025,387 | ---- | M] () -- D:\Dokumente\Penzberg, Deutschland nach Wirtschaftskammer Wien - Google Maps.pdf
[2013.05.22 16:26:02 | 000,001,550 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 21:46:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 21:46:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 18:19:05 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2013.05.11 17:44:57 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 17:44:57 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 17:44:57 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 17:44:57 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.10 21:33:06 | 000,001,237 | ---- | M] () -- C:\Users\Martin\Desktop\VisualSFM_win32.exe - Verknüpfung.lnk
[2013.05.08 22:06:14 |
000,017,698 | ---- | M] () -- D:\Dokumente\Bestellnummer_ 22368.pdf [2013.05.08 22:05:30 | 000,067,429 | ---- | M] () -- D:\Dokumente\Ülis Segelflugbedarf - FLARM Competence Center.pdf [2013.05.08 19:53:37 | 000,001,825 | ---- | M] () -- C:\Users\Martin\Desktop\Autodesk 123D Catch.lnk [2013.05.07 22:43:55 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.07 20:27:50 | 000,001,094 | ---- | M] () -- C:\Users\Martin\Desktop\minecraft.bat - Verknüpfung.lnk [2013.05.04 20:53:16 | 000,000,840 | ---- | M] () -- C:\Users\Martin\Desktop\SeeYou.lnk [2013.05.02 22:56:55 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2013.05.02 22:56:55 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2013.05.02 22:56:10 | 000,000,835 | ---- | M] () -- C:\Users\Martin\Desktop\FlightGear 2.10.0.3.lnk [2013.04.30 17:59:36 | 000,001,068 | ---- | M] () -- C:\Users\Martin\Desktop\Mission Planner Mav 1.0.lnk ========== Files Created - No Company Name ========== [2013.05.26 16:21:05 | 000,000,000 | ---- | C] () -- C:\Windows\cs3marked64 [2013.05.26 13:25:09 | 000,000,810 | ---- | C] () -- C:\Users\Martin\Desktop\FileZilla.lnk [2013.05.25 19:03:46 | 000,064,640 | ---- | C] () -- D:\Dokumente\Kontakte Stand 25.05.2013.CSV [2013.05.22 20:13:16 | 000,025,387 | ---- | C] () -- D:\Dokumente\Penzberg, Deutschland nach Wirtschaftskammer Wien - Google Maps.pdf [2013.05.22 16:26:02 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.12 18:19:12 | 002,888,384 | ---- | C] () -- C:\Windows\System32\pwNative.exe [2013.05.12 18:19:12 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2013.05.12 18:19:08 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2013.05.12 18:19:05 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk [2013.05.10 21:33:06 | 000,001,237 | ---- | C] () -- 
C:\Users\Martin\Desktop\VisualSFM_win32.exe - Verknüpfung.lnk [2013.05.08 22:06:14 | 000,017,698 | ---- | C] () -- D:\Dokumente\Bestellnummer_ 22368.pdf [2013.05.08 22:05:30 | 000,067,429 | ---- | C] () -- D:\Dokumente\Ülis Segelflugbedarf - FLARM Competence Center.pdf [2013.05.08 19:53:37 | 000,001,825 | ---- | C] () -- C:\Users\Martin\Desktop\Autodesk 123D Catch.lnk [2013.05.02 22:56:10 | 000,000,835 | ---- | C] () -- C:\Users\Martin\Desktop\FlightGear 2.10.0.3.lnk [2013.04.30 17:59:36 | 000,001,068 | ---- | C] () -- C:\Users\Martin\Desktop\Mission Planner Mav 1.0.lnk [2013.04.04 18:26:06 | 000,038,431 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2012.07.09 23:28:25 | 000,000,335 | ---- | C] () -- C:\Users\Martin\AppData\Local\Perfmon.PerfmonCfg [2012.06.26 00:45:25 | 000,199,312 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\csio.dll [2012.03.18 23:18:53 | 000,038,434 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012.03.18 23:17:42 | 000,038,435 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.02.28 21:10:33 | 000,001,434 | ---- | C] () -- C:\Users\Martin\AppData\Local\RecConfig.xml [2012.02.23 14:41:57 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI [2012.02.23 14:41:33 | 000,000,341 | ---- | C] () -- C:\Windows\RECMGRUN.INI [2012.02.23 14:40:52 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI [2011.10.24 07:11:40 | 000,000,400 | ---- | C] () -- C:\Windows\g_nhqnsp300.ini [2011.10.24 07:11:40 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bhtrugl705.dat [2011.10.22 11:24:20 | 000,805,895 | ---- | C] () -- C:\Users\Martin\cdlabel.jpg [2011.09.24 23:42:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.03.28 20:01:28 | 000,000,406 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\gnuplot_history [2011.01.24 09:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2007.08.13 18:46:00 | 
000,155,136 | ---- | C] () -- C:\Users\Martin\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Martin\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.30 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft [2012.03.03 21:48:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.Nitrous [2012.11.30 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.techniclauncher [2012.11.28 23:38:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Arduino 
[2013.05.08 19:53:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Autodesk [2012.07.06 23:54:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\benibela [2011.04.08 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BOM [2011.10.19 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon [2011.03.13 10:40:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CompanionLink [2012.02.10 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite [2011.03.28 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DassaultSystemes [2011.05.03 20:14:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dev-Cpp [2013.05.28 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox [2013.05.17 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ehma [2013.05.27 19:29:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FileZilla [2011.02.23 09:49:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Flight1 [2013.05.02 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\flightgear.org [2013.01.09 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Freeplane [2012.11.06 00:08:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fritzing [2011.01.24 09:24:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GetRightToGo [2013.01.07 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GoodSync [2011.02.25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HiFi [2013.04.25 19:43:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IGCGeFlight [2011.10.27 18:59:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ImgBurn [2012.12.30 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\JabRef 2.9 [2011.02.08 20:24:56 | 000,000,000 | ---D | M] -- 
C:\Users\Martin\AppData\Roaming\LegalSounds [2011.01.24 09:36:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Local [2011.02.27 10:48:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mathsoft [2013.05.21 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MyPhoneExplorer [2011.09.24 23:40:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenCandy [2011.09.27 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Outlook [2011.02.27 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PTC [2011.10.29 21:19:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\pymclevel [2013.05.30 15:10:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Quit [2012.01.28 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SHAPE Services [2011.05.19 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Soft Gold [2013.05.29 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spotify [2011.11.10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer [2013.03.03 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX [2013.05.25 19:00:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client [2011.09.27 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ts3overlay [2011.01.25 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software [2011.03.26 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft [2012.05.03 00:09:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unified Remote [2012.11.24 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\xm1 [2013.05.17 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Yqzi ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> 
C:\ProgramData\TEMP:74603393
< End of report >
Regards, Martin |
30.05.2013, 15:03 | #2 |
/// Malware-holic | Online banking blocked - malware Hi,
__________________OTL fix Fixing with OTL
Code:
:OTL
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Zaemectiot] C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe (Sysinternals - www.sysinternals.com)
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Yqzi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Quit
:files
C:\Users\Martin\AppData\Roaming\Ehma
:Commands
[emptytemp]
Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
30.05.2013, 15:30 | #3 |
/// Malware-holic | Online banking blocked - malware Thanks for uploading, you have Trojan.zbot
__________________I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. If it were my PC, I would reinstall it once and secure it; you will get instructions from me for that. The decision is of course yours.
__________________ |
30.05.2013, 15:30 | #4 |
| Online banking blocked - malware That really was quick. The upload was successful. Here, as requested, is the content of the file: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zaemectiot deleted successfully.
C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe moved successfully.
C:\Users\Martin\AppData\Roaming\Yqzi folder moved successfully.
C:\Users\Martin\AppData\Roaming\Quit folder moved successfully.
========== FILES ==========
C:\Users\Martin\AppData\Roaming\Ehma folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 50520 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Martin
->Temp folder emptied: 2632946668 bytes
->Temporary Internet Files folder emptied: 255352092 bytes
->Java cache emptied: 5941760 bytes
->FireFox cache emptied: 474961797 bytes
->Flash cache emptied: 64272 bytes

User: Public

User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 382438778 bytes
RecycleBin emptied: 1642287313 bytes

Total Files Cleaned = 5.144,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_161657

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
30.05.2013, 16:07 | #5 |
/// Malware-holic | Online banking blocked - malware Look, I had already written something above your post :-)
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the above instructions to markusg.trojaner-board@web.de If you would like to support us |
30.05.2013, 16:09 | #6 |
| Online banking blocked - malware Ah, I completely overlooked that. I would like to try to clean the PC. |
30.05.2013, 16:11 | #7 |
/// Malware-holic | Online banking blocked - malware OK, but you must be aware that if we overlook something, in the worst case someone can plunder your bank account (online banking). I just wanted to point out the risk once more. But if you want to continue: Please download TDSSKiller.exe and save this file on the desktop
__________________ |
30.05.2013, 16:18 | #8 |
| Online banking blocked - malware This is the content of the report: Code:
ATTFilter 17:17:02.0481 5260 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:17:02.0891 5260 ============================================================ 17:17:02.0891 5260 Current date / time: 2013/05/30 17:17:02.0891 17:17:02.0891 5260 SystemInfo: 17:17:02.0891 5260 17:17:02.0891 5260 OS Version: 6.1.7600 ServicePack: 0.0 17:17:02.0891 5260 Product type: Workstation 17:17:02.0891 5260 ComputerName: MARTIN-PC 17:17:02.0891 5260 UserName: Martin 17:17:02.0891 5260 Windows directory: C:\Windows 17:17:02.0891 5260 System windows directory: C:\Windows 17:17:02.0891 5260 Processor architecture: Intel x86 17:17:02.0891 5260 Number of processors: 4 17:17:02.0891 5260 Page size: 0x1000 17:17:02.0891 5260 Boot type: Normal boot 17:17:02.0891 5260 ============================================================ 17:17:03.0711 5260 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:17:03.0721 5260 ============================================================ 17:17:03.0721 5260 \Device\Harddisk0\DR0: 17:17:03.0721 5260 MBR partitions: 17:17:03.0721 5260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB507BE9 17:17:03.0741 5260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB507C67, BlocksNum 0x24EBD0DF 17:17:03.0761 5260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x303C4D85, BlocksNum 0x9FBFEBC 17:17:03.0761 5260 ============================================================ 17:17:03.0771 5260 X: <-> \Device\Harddisk0\DR0\Partition3 17:17:03.0811 5260 D: <-> \Device\Harddisk0\DR0\Partition2 17:17:03.0851 5260 C: <-> \Device\Harddisk0\DR0\Partition1 17:17:03.0851 5260 ============================================================ 17:17:03.0851 5260 Initialize success 17:17:03.0851 5260 ============================================================ 17:17:11.0982 5384 
============================================================ 17:17:11.0982 5384 Scan started 17:17:11.0982 5384 Mode: Manual; SigCheck; TDLFS; 17:17:11.0982 5384 ============================================================ 17:17:12.0542 5384 ================ Scan system memory ======================== 17:17:12.0542 5384 System memory - ok 17:17:12.0542 5384 ================ Scan services ============================= 17:17:12.0672 5384 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 17:17:12.0732 5384 1394ohci - ok 17:17:12.0742 5384 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 17:17:12.0762 5384 ACPI - ok 17:17:12.0772 5384 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 17:17:12.0792 5384 AcpiPmi - ok 17:17:12.0842 5384 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:17:12.0852 5384 AdobeFlashPlayerUpdateSvc - ok 17:17:12.0882 5384 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:17:12.0902 5384 adp94xx - ok 17:17:12.0912 5384 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:17:12.0922 5384 adpahci - ok 17:17:12.0942 5384 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:17:12.0952 5384 adpu320 - ok 17:17:12.0982 5384 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:17:13.0012 5384 AeLookupSvc - ok 17:17:13.0032 5384 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys 17:17:13.0062 5384 AFD - ok 17:17:13.0082 5384 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 17:17:13.0092 5384 agp440 - ok 17:17:13.0102 5384 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 17:17:13.0112 5384 aic78xx - ok 17:17:13.0132 5384 [ 
18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 17:17:13.0142 5384 ALG - ok 17:17:13.0172 5384 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 17:17:13.0182 5384 aliide - ok 17:17:13.0192 5384 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys 17:17:13.0202 5384 amdagp - ok 17:17:13.0212 5384 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 17:17:13.0222 5384 amdide - ok 17:17:13.0232 5384 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:17:13.0252 5384 AmdK8 - ok 17:17:13.0252 5384 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:17:13.0262 5384 AmdPPM - ok 17:17:13.0292 5384 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 17:17:13.0302 5384 amdsata - ok 17:17:13.0333 5384 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:17:13.0343 5384 amdsbs - ok 17:17:13.0363 5384 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 17:17:13.0373 5384 amdxata - ok 17:17:13.0453 5384 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 17:17:13.0463 5384 AntiVirSchedulerService - ok 17:17:13.0493 5384 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 17:17:13.0503 5384 AntiVirService - ok 17:17:13.0533 5384 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys 17:17:13.0543 5384 AppID - ok 17:17:13.0573 5384 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:17:13.0593 5384 AppIDSvc - ok 17:17:13.0613 5384 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll 17:17:13.0643 5384 Appinfo - ok 17:17:13.0683 5384 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:17:13.0703 5384 Apple Mobile Device - ok 17:17:13.0723 5384 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 17:17:13.0733 5384 AppMgmt - ok 17:17:13.0763 5384 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 17:17:13.0773 5384 arc - ok 17:17:13.0783 5384 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:17:13.0793 5384 arcsas - ok 17:17:13.0873 5384 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:17:13.0883 5384 aspnet_state - ok 17:17:13.0913 5384 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:17:13.0933 5384 AsyncMac - ok 17:17:13.0953 5384 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys 17:17:13.0963 5384 atapi - ok 17:17:13.0993 5384 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:17:14.0023 5384 AudioEndpointBuilder - ok 17:17:14.0033 5384 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:17:14.0063 5384 Audiosrv - ok 17:17:14.0123 5384 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:17:14.0153 5384 avgntflt - ok 17:17:14.0193 5384 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:17:14.0203 5384 avipbb - ok 17:17:14.0233 5384 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:17:14.0243 5384 avkmgr - ok 17:17:14.0263 5384 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:17:14.0283 5384 AxInstSV - ok 17:17:14.0313 5384 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 17:17:14.0334 5384 b06bdrv - ok 17:17:14.0364 5384 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 
17:17:14.0384 5384 b57nd60x - ok 17:17:14.0584 5384 [ 584F96E8CA59F2EC987E8FD6712D666E ] BBDemon D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe 17:17:14.0604 5384 BBDemon ( UnsignedFile.Multi.Generic ) - warning 17:17:14.0604 5384 BBDemon - detected UnsignedFile.Multi.Generic (1) 17:17:14.0644 5384 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 17:17:14.0664 5384 BDESVC - ok 17:17:14.0684 5384 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 17:17:14.0714 5384 Beep - ok 17:17:14.0744 5384 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll 17:17:14.0774 5384 BFE - ok 17:17:14.0804 5384 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll 17:17:14.0834 5384 BITS - ok 17:17:14.0844 5384 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:17:14.0854 5384 blbdrive - ok 17:17:14.0904 5384 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:17:14.0914 5384 Bonjour Service - ok 17:17:14.0924 5384 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:17:14.0944 5384 bowser - ok 17:17:14.0964 5384 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:17:14.0974 5384 BrFiltLo - ok 17:17:14.0984 5384 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:17:14.0994 5384 BrFiltUp - ok 17:17:15.0024 5384 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll 17:17:15.0044 5384 Browser - ok 17:17:15.0064 5384 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:17:15.0074 5384 Brserid - ok 17:17:15.0084 5384 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:17:15.0104 5384 BrSerWdm - ok 17:17:15.0114 5384 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm 
C:\Windows\System32\Drivers\BrUsbMdm.sys 17:17:15.0124 5384 BrUsbMdm - ok 17:17:15.0134 5384 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:17:15.0144 5384 BrUsbSer - ok 17:17:15.0194 5384 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 17:17:15.0214 5384 BthEnum - ok 17:17:15.0224 5384 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:17:15.0244 5384 BTHMODEM - ok 17:17:15.0264 5384 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 17:17:15.0284 5384 BthPan - ok 17:17:15.0294 5384 [ 4A34888E13224678DD062466AFEC4240 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 17:17:15.0314 5384 BTHPORT - ok 17:17:15.0344 5384 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 17:17:15.0374 5384 bthserv - ok 17:17:15.0384 5384 [ FA04C63916FA221DBB91FCE153D07A55 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 17:17:15.0404 5384 BTHUSB - ok 17:17:15.0434 5384 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:17:15.0454 5384 cdfs - ok 17:17:15.0484 5384 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:17:15.0504 5384 cdrom - ok 17:17:15.0524 5384 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll 17:17:15.0544 5384 CertPropSvc - ok 17:17:15.0584 5384 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:17:15.0604 5384 circlass - ok 17:17:15.0624 5384 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 17:17:15.0634 5384 CLFS - ok 17:17:15.0684 5384 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:17:15.0684 5384 clr_optimization_v2.0.50727_32 - ok 17:17:15.0714 5384 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:17:15.0724 5384 clr_optimization_v4.0.30319_32 - ok 17:17:15.0744 5384 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:17:15.0764 5384 CmBatt - ok 17:17:15.0764 5384 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 17:17:15.0774 5384 cmdide - ok 17:17:15.0804 5384 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys 17:17:15.0824 5384 CNG - ok 17:17:15.0834 5384 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:17:15.0844 5384 Compbatt - ok 17:17:15.0864 5384 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:17:15.0874 5384 CompositeBus - ok 17:17:15.0884 5384 COMSysApp - ok 17:17:15.0904 5384 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:17:15.0914 5384 crcdisk - ok 17:17:15.0944 5384 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:17:15.0974 5384 CryptSvc - ok 17:17:15.0994 5384 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys 17:17:16.0014 5384 CSC - ok 17:17:16.0034 5384 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll 17:17:16.0044 5384 CscService - ok 17:17:16.0074 5384 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll 17:17:16.0104 5384 DcomLaunch - ok 17:17:16.0124 5384 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 17:17:16.0154 5384 defragsvc - ok 17:17:16.0184 5384 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:17:16.0204 5384 DfsC - ok 17:17:16.0224 5384 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:17:16.0244 5384 Dhcp - ok 17:17:16.0254 5384 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 17:17:16.0274 5384 
discache - ok 17:17:16.0294 5384 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:17:16.0304 5384 Disk - ok 17:17:16.0314 5384 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:17:16.0334 5384 Dnscache - ok 17:17:16.0354 5384 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll 17:17:16.0374 5384 dot3svc - ok 17:17:16.0384 5384 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll 17:17:16.0404 5384 DPS - ok 17:17:16.0444 5384 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:17:16.0454 5384 drmkaud - ok 17:17:16.0484 5384 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 17:17:16.0494 5384 dtsoftbus01 - ok 17:17:16.0514 5384 [ 39806CFEDDCC55E686A49BCCD2972F23 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:17:16.0554 5384 DXGKrnl - ok 17:17:16.0664 5384 [ 615FB699440981C0A72A337A8A8550B8 ] DxkgFilter D:\Program Files\iDisplay\idisplay.sys 17:17:16.0674 5384 DxkgFilter - ok 17:17:16.0694 5384 [ 8EEF52AD831471E323EE7364A8656D35 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys 17:17:16.0714 5384 e1yexpress - ok 17:17:16.0734 5384 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 17:17:16.0764 5384 EapHost - ok 17:17:16.0834 5384 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 17:17:16.0874 5384 ebdrv - ok 17:17:16.0904 5384 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe 17:17:16.0914 5384 EFS - ok 17:17:16.0974 5384 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:17:16.0994 5384 ehRecvr - ok 17:17:17.0014 5384 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 17:17:17.0024 5384 ehSched - ok 17:17:17.0114 5384 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:17:17.0124 5384 elxstor - ok 17:17:17.0174 5384 
[ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv C:\Windows\system32\epmntdrv.sys 17:17:17.0184 5384 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 17:17:17.0184 5384 epmntdrv - detected UnsignedFile.Multi.Generic (1) 17:17:17.0194 5384 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 17:17:17.0214 5384 ErrDev - ok 17:17:17.0254 5384 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 17:17:17.0254 5384 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning 17:17:17.0254 5384 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 17:17:17.0294 5384 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 17:17:17.0324 5384 EventSystem - ok 17:17:17.0344 5384 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 17:17:17.0374 5384 exfat - ok 17:17:17.0384 5384 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:17:17.0414 5384 fastfat - ok 17:17:17.0434 5384 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe 17:17:17.0454 5384 Fax - ok 17:17:17.0474 5384 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:17:17.0484 5384 fdc - ok 17:17:17.0504 5384 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 17:17:17.0534 5384 fdPHost - ok 17:17:17.0544 5384 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 17:17:17.0574 5384 FDResPub - ok 17:17:17.0574 5384 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:17:17.0584 5384 FileInfo - ok 17:17:17.0594 5384 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:17:17.0614 5384 Filetrace - ok 17:17:17.0654 5384 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:17:17.0674 5384 FLEXnet Licensing Service - ok 
17:17:17.0704 5384 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:17:17.0714 5384 flpydisk - ok 17:17:17.0744 5384 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:17:17.0754 5384 FltMgr - ok 17:17:17.0784 5384 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll 17:17:17.0814 5384 FontCache - ok 17:17:17.0844 5384 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:17:17.0854 5384 FontCache3.0.0.0 - ok 17:17:17.0864 5384 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:17:17.0874 5384 FsDepends - ok 17:17:17.0884 5384 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:17:17.0894 5384 Fs_Rec - ok 17:17:17.0914 5384 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:17:17.0924 5384 fvevol - ok 17:17:17.0954 5384 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:17:17.0964 5384 gagp30kx - ok 17:17:17.0994 5384 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:17:18.0004 5384 GEARAspiWDM - ok 17:17:18.0034 5384 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll 17:17:18.0054 5384 gpsvc - ok 17:17:18.0124 5384 GsServer - ok 17:17:18.0194 5384 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 17:17:18.0204 5384 gupdate - ok 17:17:18.0224 5384 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:17:18.0234 5384 gupdatem - ok 17:17:18.0254 5384 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 17:17:18.0264 5384 hamachi - ok 17:17:18.0294 5384 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:17:18.0304 5384 hcw85cir 
- ok 17:17:18.0344 5384 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:17:18.0354 5384 HdAudAddService - ok 17:17:18.0374 5384 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:17:18.0384 5384 HDAudBus - ok 17:17:18.0384 5384 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:17:18.0404 5384 HidBatt - ok 17:17:18.0404 5384 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:17:18.0424 5384 HidBth - ok 17:17:18.0444 5384 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:17:18.0454 5384 HidIr - ok 17:17:18.0484 5384 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 17:17:18.0504 5384 hidserv - ok 17:17:18.0524 5384 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:17:18.0534 5384 HidUsb - ok 17:17:18.0554 5384 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:17:18.0584 5384 hkmsvc - ok 17:17:18.0594 5384 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:17:18.0604 5384 HomeGroupListener - ok 17:17:18.0634 5384 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:17:18.0644 5384 HomeGroupProvider - ok 17:17:18.0654 5384 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 17:17:18.0664 5384 HpSAMD - ok 17:17:18.0704 5384 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys 17:17:18.0714 5384 HTCAND32 - ok 17:17:18.0784 5384 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys 17:17:18.0794 5384 htcnprot - ok 17:17:18.0824 5384 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:17:18.0854 5384 HTTP - ok 17:17:18.0914 5384 [ 988C0A49F09D75D3341CB419141793C1 ] hwdatacard 
C:\Windows\system32\DRIVERS\ewusbmdm.sys 17:17:18.0924 5384 hwdatacard - ok 17:17:18.0934 5384 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:17:18.0944 5384 hwpolicy - ok 17:17:18.0964 5384 [ AC6B4AABF92867584445D0C435B9248F ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys 17:17:18.0974 5384 hwusbdev - ok 17:17:19.0024 5384 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:17:19.0034 5384 i8042prt - ok 17:17:19.0044 5384 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys 17:17:19.0054 5384 iaStorV - ok 17:17:19.0114 5384 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:17:19.0114 5384 IDriverT ( UnsignedFile.Multi.Generic ) - warning 17:17:19.0114 5384 IDriverT - detected UnsignedFile.Multi.Generic (1) 17:17:19.0164 5384 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:17:19.0184 5384 idsvc - ok 17:17:19.0194 5384 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:17:19.0204 5384 iirsp - ok 17:17:19.0254 5384 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 17:17:19.0264 5384 IJPLMSVC - ok 17:17:19.0304 5384 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll 17:17:19.0344 5384 IKEEXT - ok 17:17:19.0354 5384 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 17:17:19.0364 5384 intelide - ok 17:17:19.0394 5384 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:17:19.0404 5384 intelppm - ok 17:17:19.0424 5384 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:17:19.0454 5384 IPBusEnum - ok 17:17:19.0464 5384 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver 
C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:17:19.0484 5384 IpFilterDriver - ok 17:17:19.0514 5384 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:17:19.0544 5384 iphlpsvc - ok 17:17:19.0554 5384 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 17:17:19.0574 5384 IPMIDRV - ok 17:17:19.0584 5384 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:17:19.0604 5384 IPNAT - ok 17:17:19.0644 5384 [ E3E71649A926CB34FA4D7AB75DCE126C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:17:19.0664 5384 iPod Service - ok 17:17:19.0714 5384 [ CF79FF3D10864F73660A34E006B6B8F8 ] iPodDrv C:\Windows\system32\drivers\iPodDrv.sys 17:17:19.0714 5384 iPodDrv ( UnsignedFile.Multi.Generic ) - warning 17:17:19.0714 5384 iPodDrv - detected UnsignedFile.Multi.Generic (1) 17:17:19.0734 5384 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:17:19.0754 5384 IRENUM - ok 17:17:19.0774 5384 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 17:17:19.0784 5384 isapnp - ok 17:17:19.0794 5384 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:17:19.0804 5384 iScsiPrt - ok 17:17:19.0834 5384 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:17:19.0844 5384 kbdclass - ok 17:17:19.0864 5384 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:17:19.0874 5384 kbdhid - ok 17:17:19.0884 5384 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe 17:17:19.0894 5384 KeyIso - ok 17:17:19.0914 5384 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:17:19.0924 5384 KSecDD - ok 17:17:19.0924 5384 [ 26C046977E85B95036453D7B88BA1820 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:17:19.0934 5384 KSecPkg - ok 17:17:19.0964 5384 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm 
C:\Windows\system32\msdtckrm.dll 17:17:19.0994 5384 KtmRm - ok 17:17:20.0024 5384 [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:17:20.0054 5384 LanmanServer - ok 17:17:20.0074 5384 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:17:20.0104 5384 LanmanWorkstation - ok 17:17:20.0144 5384 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:17:20.0174 5384 lltdio - ok 17:17:20.0194 5384 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:17:20.0214 5384 lltdsvc - ok 17:17:20.0224 5384 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 17:17:20.0254 5384 lmhosts - ok 17:17:20.0284 5384 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:17:20.0294 5384 LSI_FC - ok 17:17:20.0304 5384 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:17:20.0314 5384 LSI_SAS - ok 17:17:20.0324 5384 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:17:20.0335 5384 LSI_SAS2 - ok 17:17:20.0335 5384 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:17:20.0355 5384 LSI_SCSI - ok 17:17:20.0365 5384 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 17:17:20.0395 5384 luafv - ok 17:17:20.0435 5384 [ CA020DB361524D1182138EFEAA8CF8F3 ] LUMDriver C:\Windows\system32\drivers\LUMDriver.sys 17:17:20.0435 5384 LUMDriver - ok 17:17:20.0445 5384 lxbu_device - ok 17:17:20.0495 5384 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe 17:17:20.0505 5384 McComponentHostService - ok 17:17:20.0525 5384 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:17:20.0535 5384 Mcx2Svc - ok 17:17:20.0565 5384 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas 
C:\Windows\system32\DRIVERS\megasas.sys 17:17:20.0575 5384 megasas - ok 17:17:20.0605 5384 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:17:20.0615 5384 MegaSR - ok 17:17:20.0725 5384 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe 17:17:20.0725 5384 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - warning 17:17:20.0725 5384 mi-raysat_3dsmax2010_32 - detected UnsignedFile.Multi.Generic (1) 17:17:20.0745 5384 mi-raysat_3dsmax9_32 - ok 17:17:20.0795 5384 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 17:17:20.0805 5384 Microsoft Office Groove Audit Service - ok 17:17:20.0825 5384 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 17:17:20.0855 5384 MMCSS - ok 17:17:20.0875 5384 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 17:17:20.0895 5384 Modem - ok 17:17:20.0925 5384 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:17:20.0935 5384 monitor - ok 17:17:20.0945 5384 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:17:20.0955 5384 mouclass - ok 17:17:20.0965 5384 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:17:20.0975 5384 mouhid - ok 17:17:21.0005 5384 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:17:21.0015 5384 mountmgr - ok 17:17:21.0025 5384 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 17:17:21.0045 5384 mpio - ok 17:17:21.0055 5384 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:17:21.0085 5384 mpsdrv - ok 17:17:21.0115 5384 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 17:17:21.0145 5384 MpsSvc - ok 
17:17:21.0165 5384 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:17:21.0175 5384 MRxDAV - ok 17:17:21.0185 5384 [ F4A054BE78AF7F410129C4B64B07DC9B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:17:21.0215 5384 mrxsmb - ok 17:17:21.0225 5384 [ DEFFA295BD1895C6ED8E3078412AC60B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:17:21.0255 5384 mrxsmb10 - ok 17:17:21.0265 5384 [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:17:21.0285 5384 mrxsmb20 - ok 17:17:21.0295 5384 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 17:17:21.0305 5384 msahci - ok 17:17:21.0335 5384 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 17:17:21.0345 5384 msdsm - ok 17:17:21.0355 5384 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 17:17:21.0365 5384 MSDTC - ok 17:17:21.0385 5384 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:17:21.0405 5384 Msfs - ok 17:17:21.0415 5384 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:17:21.0445 5384 mshidkmdf - ok 17:17:21.0445 5384 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 17:17:21.0455 5384 msisadrv - ok 17:17:21.0485 5384 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:17:21.0505 5384 MSiSCSI - ok 17:17:21.0515 5384 msiserver - ok 17:17:21.0535 5384 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:17:21.0555 5384 MSKSSRV - ok 17:17:21.0585 5384 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:17:21.0605 5384 MSPCLOCK - ok 17:17:21.0615 5384 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:17:21.0645 5384 MSPQM - ok 17:17:21.0665 5384 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 17:17:21.0675 5384 MsRPC - ok 17:17:21.0685 5384 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:17:21.0695 5384 mssmbios - ok 17:17:21.0715 5384 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:17:21.0735 5384 MSTEE - ok 17:17:21.0755 5384 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:17:21.0765 5384 MTConfig - ok 17:17:21.0765 5384 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 17:17:21.0775 5384 Mup - ok 17:17:21.0805 5384 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 17:17:21.0835 5384 napagent - ok 17:17:21.0845 5384 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:17:21.0865 5384 NativeWifiP - ok 17:17:21.0885 5384 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:17:21.0905 5384 NDIS - ok 17:17:21.0925 5384 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:17:21.0945 5384 NdisCap - ok 17:17:21.0985 5384 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:17:22.0005 5384 NdisTapi - ok 17:17:22.0025 5384 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:17:22.0045 5384 Ndisuio - ok 17:17:22.0055 5384 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:17:22.0085 5384 NdisWan - ok 17:17:22.0095 5384 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:17:22.0115 5384 NDProxy - ok 17:17:22.0145 5384 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:17:22.0175 5384 NetBIOS - ok 17:17:22.0185 5384 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:17:22.0215 5384 NetBT - ok 17:17:22.0225 5384 [ 
F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe 17:17:22.0235 5384 Netlogon - ok 17:17:22.0275 5384 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 17:17:22.0305 5384 Netman - ok 17:17:22.0335 5384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:17:22.0345 5384 NetMsmqActivator - ok 17:17:22.0345 5384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:17:22.0355 5384 NetPipeActivator - ok 17:17:22.0365 5384 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 17:17:22.0395 5384 netprofm - ok 17:17:22.0405 5384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:17:22.0405 5384 NetTcpActivator - ok 17:17:22.0415 5384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:17:22.0425 5384 NetTcpPortSharing - ok 17:17:22.0445 5384 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:17:22.0455 5384 nfrd960 - ok 17:17:22.0525 5384 [ 4EECD2DC44E844B3A912B2650CC6E41F ] nHancer X:\Program Files\nHancer\nHancerService.exe 17:17:22.0525 5384 nHancer ( UnsignedFile.Multi.Generic ) - warning 17:17:22.0525 5384 nHancer - detected UnsignedFile.Multi.Generic (1) 17:17:22.0555 5384 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 17:17:22.0595 5384 NlaSvc - ok 17:17:22.0605 5384 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:17:22.0625 5384 Npfs - ok 17:17:22.0635 5384 npggsvc - ok 17:17:22.0645 5384 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 17:17:22.0675 5384 nsi - ok 17:17:22.0685 5384 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:17:22.0715 5384 nsiproxy - ok 17:17:22.0735 
5384 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:17:22.0765 5384 Ntfs - ok 17:17:22.0775 5384 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 17:17:22.0795 5384 Null - ok 17:17:22.0935 5384 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:17:23.0065 5384 nvlddmkm - ok 17:17:23.0085 5384 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 17:17:23.0095 5384 nvraid - ok 17:17:23.0105 5384 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 17:17:23.0115 5384 nvstor - ok 17:17:23.0155 5384 [ B785320CBCF5021DE9945C803696C511 ] NVSvc C:\Windows\system32\nvvsvc.exe 17:17:23.0175 5384 NVSvc - ok 17:17:23.0235 5384 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 17:17:23.0255 5384 nvUpdatusService - ok 17:17:23.0275 5384 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 17:17:23.0285 5384 nv_agp - ok 17:17:23.0345 5384 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:17:23.0355 5384 odserv - ok 17:17:23.0375 5384 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 17:17:23.0385 5384 ohci1394 - ok 17:17:23.0425 5384 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:17:23.0435 5384 ose - ok 17:17:23.0455 5384 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:17:23.0465 5384 p2pimsvc - ok 17:17:23.0475 5384 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:17:23.0495 5384 p2psvc - ok 17:17:23.0515 5384 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:17:23.0535 5384 Parport - ok 17:17:23.0535 5384 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr 
C:\Windows\system32\drivers\partmgr.sys 17:17:23.0545 5384 partmgr - ok 17:17:23.0565 5384 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 17:17:23.0575 5384 Parvdm - ok 17:17:23.0635 5384 [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 17:17:23.0635 5384 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 17:17:23.0635 5384 PassThru Service - detected UnsignedFile.Multi.Generic (1) 17:17:23.0665 5384 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:17:23.0685 5384 PcaSvc - ok 17:17:23.0685 5384 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys 17:17:23.0705 5384 pci - ok 17:17:23.0705 5384 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys 17:17:23.0715 5384 pciide - ok 17:17:23.0725 5384 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:17:23.0745 5384 pcmcia - ok 17:17:23.0745 5384 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:17:23.0755 5384 pcw - ok 17:17:23.0775 5384 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:17:23.0805 5384 PEAUTH - ok 17:17:23.0845 5384 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:17:23.0865 5384 PeerDistSvc - ok 17:17:23.0905 5384 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 17:17:23.0945 5384 pla - ok 17:17:23.0965 5384 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:17:23.0995 5384 PlugPlay - ok 17:17:24.0005 5384 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:17:24.0025 5384 PNRPAutoReg - ok 17:17:24.0035 5384 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:17:24.0045 5384 PNRPsvc - ok 17:17:24.0065 5384 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent 
C:\Windows\System32\ipsecsvc.dll 17:17:24.0095 5384 PolicyAgent - ok 17:17:24.0105 5384 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 17:17:24.0135 5384 Power - ok 17:17:24.0165 5384 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:17:24.0195 5384 PptpMiniport - ok 17:17:24.0205 5384 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:17:24.0215 5384 Processor - ok 17:17:24.0255 5384 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll 17:17:24.0285 5384 ProfSvc - ok 17:17:24.0295 5384 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:17:24.0315 5384 ProtectedStorage - ok 17:17:24.0325 5384 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:17:24.0355 5384 Psched - ok 17:17:24.0375 5384 [ 0B6DEA0A1662CAB8F2BF339DC0752EF4 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 17:17:24.0385 5384 PSI_SVC_2 - ok 17:17:24.0425 5384 [ 2F4FADDCDBC6DC301F3CB9FFFB4B4A09 ] pwdrvio C:\Windows\system32\pwdrvio.sys 17:17:24.0435 5384 pwdrvio - ok 17:17:24.0475 5384 [ B75CF7AAE69964EBBE5B875AC81231CD ] pwdspio C:\Windows\system32\pwdspio.sys 17:17:24.0485 5384 pwdspio - ok 17:17:24.0525 5384 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:17:24.0555 5384 ql2300 - ok 17:17:24.0565 5384 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:17:24.0575 5384 ql40xx - ok 17:17:24.0605 5384 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:17:24.0625 5384 QWAVE - ok 17:17:24.0635 5384 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:17:24.0645 5384 QWAVEdrv - ok 17:17:24.0705 5384 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 17:17:24.0715 5384 RapiMgr - ok 17:17:24.0725 5384 [ 
30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:17:24.0755 5384 RasAcd - ok 17:17:24.0785 5384 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:17:24.0815 5384 RasAgileVpn - ok 17:17:24.0835 5384 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:17:24.0865 5384 RasAuto - ok 17:17:24.0865 5384 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:17:24.0895 5384 Rasl2tp - ok 17:17:24.0915 5384 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 17:17:24.0945 5384 RasMan - ok 17:17:24.0955 5384 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:17:24.0975 5384 RasPppoe - ok 17:17:24.0985 5384 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:17:25.0015 5384 RasSstp - ok 17:17:25.0025 5384 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:17:25.0055 5384 rdbss - ok 17:17:25.0055 5384 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:17:25.0075 5384 rdpbus - ok 17:17:25.0075 5384 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:17:25.0105 5384 RDPCDD - ok 17:17:25.0165 5384 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:17:25.0175 5384 RDPDR - ok 17:17:25.0195 5384 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:17:25.0215 5384 RDPENCDD - ok 17:17:25.0235 5384 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:17:25.0265 5384 RDPREFMP - ok 17:17:25.0285 5384 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:17:25.0315 5384 RDPWD - ok 17:17:25.0335 5384 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:17:25.0355 5384 rdyboost - ok 
17:17:31.0297 5384 ================ Scan global =============================== 17:17:31.0317 5384 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 17:17:31.0327 5384 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll 17:17:31.0337 5384 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll 17:17:31.0347 5384 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 17:17:31.0367 5384 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 17:17:31.0377 5384 [Global] - ok 17:17:31.0377 5384 ================ Scan MBR ================================== 17:17:31.0387 5384 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:17:31.0607 5384 \Device\Harddisk0\DR0 - ok 17:17:31.0607 5384 ================ Scan VBR ================================== 17:17:31.0617 5384 [ 7F1329E1311C585B900CFAD06CBFD964 ] \Device\Harddisk0\DR0\Partition1 17:17:31.0617 5384 \Device\Harddisk0\DR0\Partition1 - ok 17:17:31.0617 5384 [ 58E562ECE8680D26ADAA19835E11704E ] \Device\Harddisk0\DR0\Partition2 17:17:31.0617 5384 \Device\Harddisk0\DR0\Partition2 - ok 17:17:31.0647 5384 [ 9495710C5438121BDAB590A9F0A761D2 ] \Device\Harddisk0\DR0\Partition3 17:17:31.0647 5384 \Device\Harddisk0\DR0\Partition3 - ok 17:17:31.0647 5384 ============================================================ 17:17:31.0647 5384 Scan finished 17:17:31.0647 5384 ============================================================ 17:17:31.0657 1304 Detected object count: 8 17:17:31.0657 1304 Actual detected object count: 8 17:17:36.0317 1304 BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0317 1304 BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0317 1304 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0317 1304 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0317 1304 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0317 1304 EuGdiDrv ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0317 1304 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0317 1304 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0317 1304 iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0317 1304 iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0317 1304 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0317 1304 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0327 1304 nHancer ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0327 1304 nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:36.0327 1304 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:36.0327 1304 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip |
30.05.2013, 16:19 | #9 |
/// Malware-holic | Online banking blocked - malware Hi, scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
30.05.2013, 16:39 | #10 |
| Online banking blocked - malware Here is the Combofix log: Code:
ATTFilter ComboFix 13-05-30.02 - Martin 30.05.2013 17:25:08.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.3327.2016 [GMT 2:00] ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Martin\AppData\Local\lame_enc.dll c:\users\Martin\AppData\Local\no23xwrapper.dll c:\users\Martin\AppData\Local\ogg.dll c:\users\Martin\AppData\Local\vorbis.dll c:\users\Martin\AppData\Local\vorbisenc.dll c:\users\Martin\AppData\Local\vorbisfile.dll c:\users\Martin\AppData\Roaming\csio.dll c:\windows\iun6002.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\ijl11.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-30 )))))))))))))))))))))))))))))) . . 2013-05-25 11:23 . 2013-05-27 17:29 -------- d-----w- c:\users\Martin\AppData\Roaming\FileZilla 2013-05-22 14:25 . 2013-05-22 14:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-05-22 14:25 . 2013-05-22 14:25 -------- d-----w- c:\program files\iPod 2013-05-12 16:19 . 2013-03-07 11:37 2888384 ----a-w- c:\windows\system32\pwNative.exe 2013-05-12 16:19 . 2013-03-07 11:37 15576 ------w- c:\windows\system32\pwdrvio.sys 2013-05-12 16:19 . 2013-03-07 11:36 10200 ------w- c:\windows\system32\pwdspio.sys 2013-05-12 16:19 . 2013-05-12 16:19 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.8 2013-05-12 15:47 . 2013-05-12 15:47 -------- d-----w- c:\program files\HD2 Toolkit 2013-05-08 19:11 . 2013-05-08 19:11 -------- d-----w- c:\program files\Common Files\Java 2013-05-08 19:10 . 
2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-08 18:05 . 2013-05-08 18:05 -------- d-----w- c:\program files\insight3d 2013-05-08 17:53 . 2013-05-08 17:53 10669384 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{A4003C3C-30EF-41F6-87DD-33DDC471651C}\PhotoSceneEditor.exe 2013-05-08 15:04 . 2013-05-08 15:04 -------- d-----w- c:\users\Martin\AppData\Local\SmartFTP Client 4.1 Setup 2013-05-07 20:44 . 2013-05-07 20:43 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 20:56 . 2013-05-02 20:56 -------- d-----w- c:\users\Martin\AppData\Roaming\flightgear.org 2013-05-02 20:56 . 2013-05-02 20:56 -------- d-----w- c:\programdata\flightgear.org 2013-05-02 20:56 . 2013-05-02 20:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2013-05-02 20:56 . 2013-05-02 20:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2013-05-02 20:56 . 2013-05-02 20:56 -------- d-----w- c:\program files\OpenAL 2013-04-30 15:59 . 2013-04-30 15:59 -------- d-----w- c:\users\Martin\AppData\Local\GMap.NET 2013-04-30 15:58 . 2013-04-30 15:58 -------- d-----w- c:\program files\DIFX 2013-04-30 15:57 . 2013-04-30 15:59 -------- d-----w- c:\program files\APM Planner . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 19:46 . 2012-04-26 21:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-15 19:46 . 2011-05-18 04:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-31 21:51 . 2013-03-03 19:13 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-31 21:51 . 2013-03-03 19:13 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-31 21:51 . 2013-03-03 19:13 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-10 15:00 . 2013-01-29 22:01 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-10 15:00 . 2011-01-25 23:27 782240 ----a-w- c:\windows\system32\deployJava1.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-03 1105408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392] . c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplyEsf-eDocPrintPro] 2010-11-25 11:30 315392 ----a-w- c:\program files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2010-03-24 17:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx] 2010-04-02 08:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CompanionLink] 2011-03-02 06:43 22230016 ----a-w- d:\program files\CompanionLink\CompanionLink.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2012-01-24 13:19 3478336 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager] 2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoodSync] 2012-11-30 09:39 2194648 ----a-w- d:\program files\Siber Systems\GoodSync\GoodSync.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-05-15 12:59 152392 ----a-w- d:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBUCATS] 2007-02-22 04:12 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbutime.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition] 2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2013-05-03 20:25 4573184 ----a-w- c:\users\Martin\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-05-03 20:25 1105408 ----a-w- c:\users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] 2012-02-16 13:29 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator] 2012-02-26 14:01 295728 ----a-w- c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" . R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;d:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 DxkgFilter;Filtering Dxkg;d:\program files\iDisplay\idisplay.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.313\McCHSvc.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBDemon;Backbone Service;d:\program files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe [x] S2 GsServer;GoodSync Server;d:\program files\Siber Systems\GoodSync\Gs-Server.exe [x] S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 
Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners . 2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 19:46] . 2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 22:24] . 2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 22:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html TCP: Interfaces\{2CA416F6-55F8-461A-B1D4-A0FB030B6945}: NameServer = 212.18.3.5 212.18.0.5 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2k1ibfdb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q= FF - ExtSQL: 2013-04-07 22:25; foxyproxy@eric.h.jung; c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\foxyproxy@eric.h.jung FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - 
user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file) HKCU-Run-Zaemectiot - c:\users\Martin\AppData\Roaming\Ehma\zayl.exe MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe MSConfigStartUp-LogMeIn Hamachi Ui - d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe AddRemove-GeoGebra WebStart - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-30 17:35:54 ComboFix-quarantined-files.txt 2013-05-30 15:35 . Vor Suchlauf: 12 Verzeichnis(se), 39.287.275.520 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 39.186.554.880 Bytes frei . - - End Of File - - BAF694CC39EC2C30D85259D670333A27 |
30.05.2013, 16:42 | #11 |
/// Malware-holic | Online banking blocked - malware Hi, Malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
30.05.2013, 19:38 | #12 |
| Online banking blocked - malware Malwarebytes has now been running for 3 hours and has found 6 infected objects. Now another problem has come up. A website that I currently maintain now shows, when it is opened, that it may distribute malicious files. We have already received an email from the provider about this. Now I am wondering whether I should reinstall my PC after all. My only question is what happens when I save my documents to an external hard drive. Is there no risk that the malware gets saved along with them and then spreads again on the new system? So how can I make sure that my documents, pictures etc. are clean when I back them up? |
30.05.2013, 20:15 | #13 |
/// Malware-holic | Online banking blocked - malware Hi, but then do not visit the site with the freshly reinstalled PC yet; we have to secure it first. 1. Data rescue:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money.
30.05.2013, 20:50 | #14 |
| Online banking blocked - malware Okay. Thanks already for today's help, it was really great! I will tackle the reinstall tomorrow, or over the weekend, once I have a suitable external hard drive for the backup. Regards, Martin |
30.05.2013, 21:13 | #15 |
/// Malware-holic | Online banking blocked - malware Exactly, just get in touch then