vakaru72 | 15.10.2013 05:40 | Hello
OK, here are the various logs....
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Leemann at 2013-10-14 20:46:54
Running from C:\Users\Leemann\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Common File Installer (Version: 1.00.002)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Premiere Elements 4.0 (Version: 4.0)
Adobe Premiere Elements 4.0 Templates (Version: 4.0.0)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.4052)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.20.1182.0)
Canon MP Navigator EX 2.0
Canon MP630 series MP Drivers
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Citrix Presentation Server Client - Nur Web (Version: 10.100.55836)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
erLT (Version: 1.20.138.34)
eTax.schwyz 2012 nP 11.0.4 (Version: 11.0.4)
Fisc2012 (Version: 1.0.0.0)
Fotogalerie (Version: 16.4.3505.0912)
FreePDF (Remove only)
Google Chrome (Version: 30.0.1599.69)
Google Update Helper (Version: 1.3.21.165)
iCloud (Version: 3.0.2.163)
ifolor Designer (Version: 3.2.3.0)
iTunes (Version: 11.1.0.126)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 16.4.3505.0912)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.20.1182.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.20.1182.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.20.1182.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Photo Gallery (Version: 16.4.3505.0912)
Private Tax 2012 2.4 (Version: 2.4)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
RedMon - Redirection Port Monitor
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.9 (Version: 6.9.106)
Sonos Controller (Version: 19.3.53220)
TomTom HOME (Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VMware View Client (Version: 5.2.1.937772)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
==================== Restore Points =========================
12-09-2013 01:00:42 Windows Update
19-09-2013 11:44:51 Geplanter Prüfpunkt
05-10-2013 10:53:32 Geplanter Prüfpunkt
08-10-2013 01:00:21 Windows Update
11-10-2013 01:00:28 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {53717688-DD03-4A67-806B-5CA8FE33B35A} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {5F6F1F7E-5B52-4A4F-BDBD-3457D7F71E5B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {800CDE81-3707-46B7-85C1-1196BED66A06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {8C092174-F89F-42ED-BE32-624A1C131A12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {98576137-C3D8-406C-BD63-9BDD48442AAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {995DBCBE-C0F0-499F-9D56-033CA1C8C036} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CC161B97-C796-4FDF-8548-529E0ABC6FAC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {FB722D86-D203-4372-AF3C-F7095F342BAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-08 18:17 - 2013-10-08 14:16 - 02704352 _____ () C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-10-06 12:19 - 2013-09-11 15:44 - 00190464 _____ () C:\Users\Leemann\AppData\Roaming\okitspace\IE\OKitSpace.dll
2012-09-12 16:57 - 2012-09-12 16:57 - 00282112 _____ () C:\Program Files\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/13/2013 08:56:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashUtil32_11_7_700_224_ActiveX.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67576
Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1694.246, Zeitstempel: 0x5253f78e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017966f
ID des fehlerhaften Prozesses: 0x147c
Startzeit der fehlerhaften Anwendung: 0xFlashUtil32_11_7_700_224_ActiveX.exe0
Pfad der fehlerhaften Anwendung: FlashUtil32_11_7_700_224_ActiveX.exe1
Pfad des fehlerhaften Moduls: FlashUtil32_11_7_700_224_ActiveX.exe2
Berichtskennung: FlashUtil32_11_7_700_224_ActiveX.exe3
Error: (10/13/2013 08:56:54 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashUtil32_11_7_700_224_ActiveX.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67576
Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1694.246, Zeitstempel: 0x5253f78e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017966f
ID des fehlerhaften Prozesses: 0x147c
Startzeit der fehlerhaften Anwendung: 0xFlashUtil32_11_7_700_224_ActiveX.exe0
Pfad der fehlerhaften Anwendung: FlashUtil32_11_7_700_224_ActiveX.exe1
Pfad des fehlerhaften Moduls: FlashUtil32_11_7_700_224_ActiveX.exe2
Berichtskennung: FlashUtil32_11_7_700_224_ActiveX.exe3
Error: (10/13/2013 08:38:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LogitechUpdate.exe, Version: 2.17.17.0, Zeitstempel: 0x4cc0a7bc
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0x1478
Startzeit der fehlerhaften Anwendung: 0xLogitechUpdate.exe0
Pfad der fehlerhaften Anwendung: LogitechUpdate.exe1
Pfad des fehlerhaften Moduls: LogitechUpdate.exe2
Berichtskennung: LogitechUpdate.exe3
Error: (10/12/2013 05:51:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14040
Error: (10/12/2013 05:51:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14040
Error: (10/12/2013 05:51:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/12/2013 05:51:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042
Error: (10/12/2013 05:51:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042
Error: (10/12/2013 05:51:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/12/2013 05:51:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12044
System errors:
=============
Error: (10/14/2013 08:09:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/14/2013 08:09:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (10/14/2013 01:51:24 PM) (Source: DCOM) (User: Leemann-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Leemann-PCLeemannS-1-5-21-3596910918-3739008497-3997665400-1001LocalHost (unter Verwendung von LRPC)
Error: (10/14/2013 01:51:17 PM) (Source: DCOM) (User: Leemann-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Leemann-PCLeemannS-1-5-21-3596910918-3739008497-3997665400-1001LocalHost (unter Verwendung von LRPC)
Error: (10/14/2013 01:51:17 PM) (Source: DCOM) (User: Leemann-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Leemann-PCLeemannS-1-5-21-3596910918-3739008497-3997665400-1001LocalHost (unter Verwendung von LRPC)
Error: (10/14/2013 01:51:16 PM) (Source: DCOM) (User: Leemann-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Leemann-PCLeemannS-1-5-21-3596910918-3739008497-3997665400-1001LocalHost (unter Verwendung von LRPC)
Error: (10/14/2013 01:51:16 PM) (Source: DCOM) (User: Leemann-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Leemann-PCLeemannS-1-5-21-3596910918-3739008497-3997665400-1001LocalHost (unter Verwendung von LRPC)
Error: (10/14/2013 01:51:15 PM) (Source: DCOM) (User: Leemann-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Leemann-PCLeemannS-1-5-21-3596910918-3739008497-3997665400-1001LocalHost (unter Verwendung von LRPC)
Error: (10/11/2013 07:30:18 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (10/11/2013 03:32:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (10/13/2013 08:56:58 AM) (Source: Application Error)(User: )
Description: FlashUtil32_11_7_700_224_ActiveX.exe11.7.700.22451a67576bitguard.dll2.6.1694.2465253f78ec00000050017966f147c01cec7e00f22aad8C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exec:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dlla6c4a3b8-33d4-11e3-8b1d-001e8c4d2d80
Error: (10/13/2013 08:56:54 AM) (Source: Application Error)(User: )
Description: FlashUtil32_11_7_700_224_ActiveX.exe11.7.700.22451a67576bitguard.dll2.6.1694.2465253f78ec00000050017966f147c01cec7e00f22aad8C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exec:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dlla4731298-33d4-11e3-8b1d-001e8c4d2d80
Error: (10/13/2013 08:38:23 AM) (Source: Application Error)(User: )
Description: LogitechUpdate.exe2.17.17.04cc0a7bcole32.dll6.1.7601.175144ce7b96fc000000500039342147801cec65a26db2f10C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exeC:\Windows\system32\ole32.dll0e330420-33d2-11e3-8b1d-001e8c4d2d80
Error: (10/12/2013 05:51:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14040
Error: (10/12/2013 05:51:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14040
Error: (10/12/2013 05:51:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/12/2013 05:51:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042
Error: (10/12/2013 05:51:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042
Error: (10/12/2013 05:51:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/12/2013 05:51:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12044
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 3582.49 MB
Available physical RAM: 1944.08 MB
Total Pagefile: 7163.27 MB
Available Pagefile: 4979.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:816.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D86AC070)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Extras.txt Code:
OTL Extras logfile created on: 14.10.2013 20:30:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leemann\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.50 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 62.46% Memory free
7.00 Gb Paging File | 5.19 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 817.05 Gb Free Space | 87.72% Space Free | Partition Type: NTFS
Computer Name: LEEMANN-PC | User Name: Leemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Leemann\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E29D8AF-767A-4C90-8EC6-37F3432C19CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13835A3E-5E14-40DD-B2D9-18D040778484}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15AAD282-83D7-4CA3-8762-2E4E8B306D2B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2253DB5C-372F-419B-8F5E-F70FA39A1E20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C5F05CB-F885-47E6-A80F-5A3612FA84AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{2DED6F8B-ACCD-4339-802A-6D94A0737B3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{30A1E894-1A05-4E38-9B51-EA8213D511AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{362C9449-BB65-4B64-8BBB-BB0DD68B4ADE}" = rport=138 | protocol=17 | dir=out | app=system |
"{52DD7E49-92DD-4451-86B4-86517149FEF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57C771F0-D7F0-44FC-AF61-43894967259B}" = lport=139 | protocol=6 | dir=in | app=system |
"{64979AFF-D4CC-42F8-A275-6EA1B61CAD1E}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D05D14E-91CE-42D7-B2C4-61CE741EE403}" = rport=139 | protocol=6 | dir=out | app=system |
"{708C121F-BA27-47EC-8470-212326D2C391}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73FB6133-AE2F-4E9B-851F-DCFFF844B30B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77FD1911-2129-4EB4-B272-ABB501556BAD}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BD08D43-92CD-4B61-83D8-ECEB739E63C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80F43502-19CC-470D-B297-7763E08181A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BD22A25-C029-4CC7-A342-5DD7E3B85F4C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A157F27E-79FC-4634-AB18-640FF7F8D443}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8AC574A-9D45-4BF7-B8FC-3AB7C3736EEF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B3252A6F-B698-4F13-81DB-056907A740D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7442457-9BD0-4BCC-A501-A5D7FC0AF58F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D7E79ACC-C9CF-4204-A4F2-FE78C0498205}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E539AFBF-8BF0-41DF-B097-84D6DE0ED612}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB86BCB0-3190-4EB5-9BFC-32F311DD62D7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FCC59229-1ABF-4076-A382-EA70992033F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064E769A-BF3D-4C36-A7B7-8BC86A3E7D33}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13532865-3306-4269-BEBD-A7C44BF35D6E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1CCA8A7F-F569-4C3F-9414-B9F017E54AC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20E5D7EC-6881-485A-9762-96D14A9CB89F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21023A98-1D38-4328-95E6-ED08FD7EBBC1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{21C6EC88-1125-4DAA-B913-675E63DE75AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2264A58C-EF41-4FA1-A06E-14D5A658619C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{3440BCB1-5201-4AC2-A917-D79AD08CFD37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{392C5C04-8138-4BBF-983A-DF00B56ED6DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{401241E8-1A88-4051-BFA9-E0DC38B7740A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4943426E-301C-4C88-A9AC-125FD7300B93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4A5C3476-DE78-4848-A227-322DE4C67D0E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5D9B6E3C-0016-4CF4-8329-B3F18823B6EB}" = protocol=6 | dir=out | app=system |
"{5F75F781-656B-4F2F-AF07-EBF2BECB15B8}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{602D553A-433A-40A2-9EF6-EFEC4D48922A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{668781AE-1C08-443E-8660-FB3482D85B51}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{66AA95DB-A2F7-4FB7-9294-65D3EC985722}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{69A1B000-560E-4264-A17C-6D020355BAC8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ADD30AF-50E6-435E-8AE4-BD2A803526DC}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{6C7CFB99-803B-4D44-BC30-0D9BE7375038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{713E1118-54AE-45FB-BCC3-EE65C9E1A16E}" = protocol=17 | dir=in | app=c:\program files\sonos\sonos.exe |
"{75E4E812-E762-4C76-955B-60047C701ED3}" = protocol=6 | dir=in | app=c:\program files\sonos\sonos.exe |
"{763C4D42-8934-469A-AC83-5AEA72DAD842}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{890F9700-951C-4AA5-B48F-62173C5EA572}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8D4CC993-23F4-44F0-BE98-CAA751AF051F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E6DA9CD-994A-48E0-8702-B0D0C73C800E}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{C27CB495-E6C0-4DF1-920C-A2F2E2DC223C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C78EE388-777E-4AD1-BB22-F703BAE340B3}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{CDE17AF0-9FDC-4744-AEEA-D27E01A78775}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CE285190-BC9F-44FE-B1CB-DF35757BBC4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D286DCF9-7860-45BA-BA70-04DFB1C5731D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3FA69BB-5C44-49A5-BECA-893B0FBE7057}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DDFCEE28-2BBD-4CFB-B26D-343A9CA6F44D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6588D0-EDA4-410B-AD15-B2E35591F917}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFDE9A49-9756-4C1B-B963-DDE59B1B726C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{F23280AA-E1CC-4BD6-9BEE-BE394A7DF3E8}" = dir=in | app=c:\users\leemann\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{004F481C-AE54-4590-9B8A-AB9A0E671635}D:\windows\ipconfigurator.exe" = protocol=6 | dir=in | app=d:\windows\ipconfigurator.exe |
"UDP Query User{FEEA8089-CBFF-469E-BB3C-CDE1243A49D0}D:\windows\ipconfigurator.exe" = protocol=17 | dir=in | app=d:\windows\ipconfigurator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}" = iCloud
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0069EF8-0A18-4B53-8D18-697594146D59}" = VMware View Client
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"4623-6347-5575-7867" = eTax.schwyz 2012 nP 11.0.4
"6753-7911-9438-6061" = Private Tax 2012 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Fisc2012" = Fisc2012
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"ifolor-Designer" = ifolor Designer
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.10.2013 11:51:21 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12044
Error - 12.10.2013 11:51:22 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.10.2013 11:51:22 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13042
Error - 12.10.2013 11:51:22 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13042
Error - 12.10.2013 11:51:23 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.10.2013 11:51:23 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14040
Error - 12.10.2013 11:51:23 | Computer Name = Leemann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14040
Error - 13.10.2013 02:38:23 | Computer Name = Leemann-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LogitechUpdate.exe, Version: 2.17.17.0,
Zeitstempel: 0x4cc0a7bc Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften
Prozesses: 0x1478 Startzeit der fehlerhaften Anwendung: 0x01cec65a26db2f10 Pfad der
fehlerhaften Anwendung: C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 0e330420-33d2-11e3-8b1d-001e8c4d2d80
Error - 13.10.2013 02:56:54 | Computer Name = Leemann-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil32_11_7_700_224_ActiveX.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67576 Name des fehlerhaften Moduls: bitguard.dll,
Version: 2.6.1694.246, Zeitstempel: 0x5253f78e Ausnahmecode: 0xc0000005 Fehleroffset:
0x0017966f ID des fehlerhaften Prozesses: 0x147c Startzeit der fehlerhaften Anwendung:
0x01cec7e00f22aad8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
Pfad
des fehlerhaften Moduls: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
Berichtskennung:
a4731298-33d4-11e3-8b1d-001e8c4d2d80
Error - 13.10.2013 02:56:58 | Computer Name = Leemann-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil32_11_7_700_224_ActiveX.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67576 Name des fehlerhaften Moduls: bitguard.dll,
Version: 2.6.1694.246, Zeitstempel: 0x5253f78e Ausnahmecode: 0xc0000005 Fehleroffset:
0x0017966f ID des fehlerhaften Prozesses: 0x147c Startzeit der fehlerhaften Anwendung:
0x01cec7e00f22aad8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
Pfad
des fehlerhaften Moduls: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
Berichtskennung:
a6c4a3b8-33d4-11e3-8b1d-001e8c4d2d80
[ System Events ]
Error - 10.10.2013 21:32:03 | Computer Name = Leemann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 11.10.2013 01:30:18 | Computer Name = Leemann-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 14.10.2013 07:51:15 | Computer Name = Leemann-PC | Source = DCOM | ID = 10016
Description =
Error - 14.10.2013 07:51:16 | Computer Name = Leemann-PC | Source = DCOM | ID = 10016
Description =
Error - 14.10.2013 07:51:16 | Computer Name = Leemann-PC | Source = DCOM | ID = 10016
Description =
Error - 14.10.2013 07:51:17 | Computer Name = Leemann-PC | Source = DCOM | ID = 10016
Description =
Error - 14.10.2013 07:51:17 | Computer Name = Leemann-PC | Source = DCOM | ID = 10016
Description =
Error - 14.10.2013 07:51:24 | Computer Name = Leemann-PC | Source = DCOM | ID = 10016
Description =
Error - 14.10.2013 14:09:02 | Computer Name = Leemann-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 14.10.2013 14:09:02 | Computer Name = Leemann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
OTL.txt Code:
OTL logfile created on: 14.10.2013 20:30:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leemann\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.50 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 62.46% Memory free
7.00 Gb Paging File | 5.19 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 817.05 Gb Free Space | 87.72% Space Free | Partition Type: NTFS
Computer Name: LEEMANN-PC | User Name: Leemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Leemann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\Tor\tor.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe (VMware, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - c:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Users\Leemann\AppData\Roaming\okitspace\IE\OKitSpace.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
========== Services (SafeList) ==========
SRV - (tor) -- C:\Program Files\Tor\tor.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (vmware-view-usbd) -- C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (PIXMCV) -- C:\Windows\System32\drivers\pixmcvc.sys (Pixela)
DRV - (PIXMCVV) -- C:\Windows\System32\drivers\pixmcvv.sys (Pixela)
DRV - (PIXMCVA) -- C:\Windows\System32\drivers\pixmcva.sys (Pixela)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 2B 93 DD F9 89 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_wls&mntrId=C00F0016447C9EC7&affID=121743&tsp=5012
IE - HKCU\..\SearchScopes\{102951FE-7441-4DD0-A070-8CB5E7B24A09}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=88DAC80A-9083-4D73-8EAA-F9ACA6A9B0A8&apn_sauid=8AEC2273-A849-4C20-88C8-A692390B7965
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013.09.21 22:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.09.21 22:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\OKitSpace@Vittalia.es: C:\Users\Leemann\AppData\Roaming\okitspace\Firefox [2013.10.06 12:19:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013.09.21 22:44:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.09.21 22:44:05 | 000,000,000 | ---D | M]
[2013.09.21 22:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leemann\AppData\Roaming\mozilla\Extensions
[2013.09.21 22:44:05 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\Leemann\AppData\Roaming\mozilla\Extensions\7go@7go.com
[2013.06.22 19:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leemann\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.09.21 22:44:05 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Leemann\AppData\Roaming\mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013.04.06 21:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leemann\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013.04.06 21:18:30 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Leemann\AppData\Roaming\mozilla\firefox\profiles\0\extensions\freehdsport@freehdsport.tv.xpi
[2013.04.06 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss_din2g&mntrId=C00F0016447C9EC7
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.55142_0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggiecmcgkpfmegnobeimepgndgdhbjm\1.0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggiecmcgkpfmegnobeimepgndgdhbjm\1.0_0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (OKitSpace) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Leemann\AppData\Roaming\okitspace\IE\OKitSpace.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.98.37.128 194.230.55.99 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35519F0C-4EAD-4D0B-A9C0-1556194CC573}: DhcpNameServer = 212.98.37.128 194.230.55.99 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.10.14 20:28:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leemann\Desktop\OTL.exe
[2013.10.11 03:06:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.10.11 03:06:44 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.10.11 03:06:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.10.11 03:06:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.10.11 03:06:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.10.11 03:06:41 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.10.11 03:06:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.10.11 03:06:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.10.11 03:06:41 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.10.11 03:06:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.10.10 22:09:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.10.10 22:09:45 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.10.10 22:09:40 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.10.10 22:09:40 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.10.10 22:09:39 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013.10.10 22:09:38 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.10 22:09:37 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.10 22:09:37 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.10.10 22:09:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.10 22:09:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013.10.10 22:09:36 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013.10.10 22:09:35 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.10.06 12:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.10.06 12:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.10.06 12:19:23 | 000,000,000 | ---D | C] -- C:\Users\Leemann\AppData\Roaming\okitspace
[2013.09.21 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\Leemann\AppData\Roaming\PerformerSoft
[2013.09.21 22:44:29 | 000,017,920 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2013.09.21 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\Leemann\AppData\Local\Programs
[2013.09.21 22:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013.09.21 22:44:04 | 000,000,000 | ---D | C] -- C:\Users\Leemann\AppData\Roaming\SpeedAnalysis3
[2013.09.21 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\Leemann\AppData\Roaming\7Go
[2013.09.21 20:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.09.21 20:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.09.21 20:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.09.21 20:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.09.15 14:02:44 | 000,000,000 | ---D | C] -- C:\Users\Leemann\AppData\Local\avgchrome
========== Files - Modified Within 30 Days ==========
[2013.10.14 20:28:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leemann\Desktop\OTL.exe
[2013.10.14 20:14:01 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.14 20:14:01 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.14 20:07:51 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.14 20:06:40 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.14 20:06:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.14 20:06:09 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.14 13:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.11 03:34:44 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.10.11 03:34:44 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.10.11 03:34:44 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.10.11 03:34:44 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.10.11 03:29:44 | 000,415,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.10.05 12:53:40 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.09.23 01:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.09.23 01:27:53 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.09.23 01:27:49 | 002,876,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.09.23 01:27:49 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.09.23 01:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.09.23 01:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.09.23 01:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.09.23 01:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.09.21 20:51:59 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.09.21 05:30:24 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.09.21 04:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
========== Files Created - No Company Name ==========
[2013.01.01 20:33:16 | 000,005,120 | ---- | C] () -- C:\Users\Leemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.28 11:08:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.12.28 11:08:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.09.05 22:11:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.05 21:52:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Files - Unicode (All) ==========
[2013.10.14 20:07:37 | 100,975,419 | ---- | M] ()(C:\Windows\System32\???^) -- C:\Windows\System32\釱᩹^
[2013.10.14 20:07:37 | 000,000,000 | ---- | C] ()(C:\Windows\System32\???^) -- C:\Windows\System32\釱᩹^
[2013.09.07 07:47:23 | 096,496,803 | ---- | M] ()(C:\Windows\System32\???f) -- C:\Windows\System32\Ꮭᅨf
[2013.09.06 08:56:30 | 096,496,803 | ---- | C] ()(C:\Windows\System32\???f) -- C:\Windows\System32\Ꮭᅨf
< End of report >
FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Leemann (administrator) on LEEMANN-PC on 14-10-2013 20:45:49
Running from C:\Users\Leemann\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Logitech, Inc.) C:\Program Files\Logitech\LWS\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x202B93DDF989CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_wls&mntrId=C00F0016447C9EC7&affID=121743&tsp=5012
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_wls&mntrId=C00F0016447C9EC7&affID=121743&tsp=5012
SearchScopes: HKCU - {102951FE-7441-4DD0-A070-8CB5E7B24A09} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=88DAC80A-9083-4D73-8EAA-F9ACA6A9B0A8&apn_sauid=8AEC2273-A849-4C20-88C8-A692390B7965
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: OKitSpace - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Leemann\AppData\Roaming\okitspace\IE\OKitSpace.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 212.98.37.128 194.230.55.99 192.168.1.1
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF Extension: Speed Analysis 3 - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF HKLM\...\Firefox\Extensions: [OKitSpace@Vittalia.es] - C:\Users\Leemann\AppData\Roaming\okitspace\Firefox
FF Extension: OKitSpace - C:\Users\Leemann\AppData\Roaming\okitspace\Firefox
FF HKCU\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF Extension: Speed Analysis 3 - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF HKCU\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\Leemann\AppData\Roaming\Mozilla\Extensions\7go@7go.com
Chrome:
=======
CHR Extension: (Ask Toolbar) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.55142_0
CHR Extension: (FreeHDSport.TV) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0
CHR Extension: (YouTube) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (OKitSpace) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggiecmcgkpfmegnobeimepgndgdhbjm\1.0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Leemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files\ATDheNetTVApp.com\stv12.crx
CHR HKLM\...\Chrome\Extension: [mggiecmcgkpfmegnobeimepgndgdhbjm] - C:\Users\Leemann\AppData\Roaming\okitspace\Chrome\OKitSpace.crx
========================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-07] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-04] (Logitech Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-11-20] (VMware, Inc.)
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.)
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472216 2012-12-08] (VMware, Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-11-20] (VMware, Inc.)
S3 PIXMCV; C:\Windows\System32\Drivers\pixmcvc.sys [33792 2004-06-03] (Pixela)
S3 PIXMCVA; C:\Windows\System32\Drivers\pixmcva.sys [38144 2004-03-20] (Pixela)
S3 PIXMCVV; C:\Windows\System32\Drivers\pixmcvv.sys [32768 2004-03-27] (Pixela)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-12] (Avira GmbH)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-11-20] (VMware, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-14 20:45 - 2013-10-14 20:45 - 00000000 ____D C:\FRST
2013-10-14 20:44 - 2013-10-14 20:44 - 01087213 _____ (Farbar) C:\Users\Leemann\Desktop\FRST.exe
2013-10-14 20:43 - 2013-10-14 20:43 - 00000476 _____ C:\Users\Leemann\Desktop\defogger_disable.log
2013-10-14 20:43 - 2013-10-14 20:43 - 00000000 _____ C:\Users\Leemann\defogger_reenable
2013-10-14 20:41 - 2013-10-14 20:41 - 00050477 _____ C:\Users\Leemann\Desktop\Defogger.exe
2013-10-14 20:40 - 2013-10-14 20:40 - 00056656 _____ C:\Users\Leemann\Desktop\Extras.Txt
2013-10-14 20:38 - 2013-10-14 20:38 - 00062232 _____ C:\Users\Leemann\Desktop\OTL.Txt
2013-10-14 20:28 - 2013-10-14 20:28 - 00602112 _____ (OldTimer Tools) C:\Users\Leemann\Desktop\OTL.exe
2013-10-14 20:07 - 2013-10-14 20:07 - 100975419 _____ C:\Windows\system32\釱᩹^
2013-10-11 03:06 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 03:06 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 03:06 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 03:06 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 03:06 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 03:06 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 03:06 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 22:09 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 22:09 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 22:09 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 22:09 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 22:09 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 22:09 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 22:09 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 22:09 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 22:09 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 22:09 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 22:09 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 22:09 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:09 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 22:09 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 22:09 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 22:09 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 22:09 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 22:09 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 22:09 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 22:09 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 22:09 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 22:09 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 22:09 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 22:09 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 22:09 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 22:09 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 22:09 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-06 12:19 - 2013-10-11 03:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-06 12:19 - 2013-10-06 12:20 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\okitspace
2013-09-21 22:44 - 2013-09-21 23:12 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\PerformerSoft
2013-09-21 22:44 - 2013-09-21 22:44 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\SpeedAnalysis3
2013-09-21 22:44 - 2013-09-21 22:44 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\7Go
2013-09-21 22:44 - 2013-09-21 22:44 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-21 22:44 - 2013-06-19 14:58 - 00017920 _____ (PerformerSoft LLC) C:\Windows\system32\roboot.exe
2013-09-21 20:51 - 2013-09-21 20:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-21 20:51 - 2013-09-21 20:51 - 00000000 ____D C:\Program Files\iTunes
2013-09-21 20:51 - 2013-09-21 20:51 - 00000000 ____D C:\Program Files\iPod
2013-09-15 14:02 - 2013-09-15 14:02 - 00000000 ____D C:\Users\Leemann\AppData\Local\avgchrome
2013-09-14 15:24 - 2013-10-10 16:42 - 00000000 ____D C:\ProgramData\BitGuard
==================== One Month Modified Files and Folders =======
2013-10-14 20:45 - 2013-10-14 20:45 - 00000000 ____D C:\FRST
2013-10-14 20:45 - 2009-07-14 06:34 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-14 20:45 - 2009-07-14 06:34 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-14 20:44 - 2013-10-14 20:44 - 01087213 _____ (Farbar) C:\Users\Leemann\Desktop\FRST.exe
2013-10-14 20:43 - 2013-10-14 20:43 - 00000476 _____ C:\Users\Leemann\Desktop\defogger_disable.log
2013-10-14 20:43 - 2013-10-14 20:43 - 00000000 _____ C:\Users\Leemann\defogger_reenable
2013-10-14 20:43 - 2012-09-03 19:28 - 00000000 ____D C:\Users\Leemann
2013-10-14 20:42 - 2012-09-04 19:33 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\Skype
2013-10-14 20:41 - 2013-10-14 20:41 - 00050477 _____ C:\Users\Leemann\Desktop\Defogger.exe
2013-10-14 20:40 - 2013-10-14 20:40 - 00056656 _____ C:\Users\Leemann\Desktop\Extras.Txt
2013-10-14 20:38 - 2013-10-14 20:38 - 00062232 _____ C:\Users\Leemann\Desktop\OTL.Txt
2013-10-14 20:38 - 2012-10-14 12:02 - 00000000 ____D C:\Users\Leemann\AppData\Local\Windows Live
2013-10-14 20:28 - 2013-10-14 20:28 - 00602112 _____ (OldTimer Tools) C:\Users\Leemann\Desktop\OTL.exe
2013-10-14 20:24 - 2012-12-28 11:07 - 00000000 ____D C:\Program Files\gs
2013-10-14 20:21 - 2012-10-30 11:08 - 00000000 ____D C:\Firefox
2013-10-14 20:10 - 2012-09-03 17:58 - 01540331 _____ C:\Windows\WindowsUpdate.log
2013-10-14 20:09 - 2013-04-06 21:18 - 00000000 ____D C:\Program Files\ATDheNetTVApp.com
2013-10-14 20:08 - 2012-10-08 18:59 - 00000000 ____D C:\Users\Leemann\AppData\Local\Google
2013-10-14 20:08 - 2012-10-08 18:59 - 00000000 ____D C:\Program Files\Google
2013-10-14 20:07 - 2013-10-14 20:07 - 100975419 _____ C:\Windows\system32\釱᩹^
2013-10-14 20:07 - 2012-10-08 18:59 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 20:06 - 2012-10-08 18:59 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 20:06 - 2012-09-03 19:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-14 20:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 20:06 - 2009-07-14 06:39 - 00031165 _____ C:\Windows\setupact.log
2013-10-14 13:04 - 2012-09-06 23:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 13:50 - 2012-09-06 19:38 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2013-10-11 10:14 - 2012-09-04 19:33 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 10:14 - 2012-09-04 19:33 - 00000000 ____D C:\ProgramData\Skype
2013-10-11 04:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-11 03:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 03:34 - 2012-09-03 18:00 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 03:29 - 2013-10-06 12:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 03:29 - 2009-07-14 06:33 - 00415224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 03:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-11 03:11 - 2012-09-05 21:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 16:42 - 2013-09-14 15:24 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-10 16:42 - 2012-09-04 07:56 - 00145844 _____ C:\Windows\PFRO.log
2013-10-06 12:20 - 2013-10-06 12:19 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\okitspace
2013-10-06 11:45 - 2013-03-20 20:25 - 00000000 ____D C:\Users\Leemann\AppData\Local\Information Factory
2013-10-05 12:53 - 2012-10-08 18:59 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-23 01:28 - 2013-10-11 03:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-11 03:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-11 03:06 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-11 03:06 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 03:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 23:12 - 2013-09-21 22:44 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\PerformerSoft
2013-09-21 22:44 - 2013-09-21 22:44 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\SpeedAnalysis3
2013-09-21 22:44 - 2013-09-21 22:44 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\7Go
2013-09-21 22:44 - 2013-09-21 22:44 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-21 20:58 - 2012-09-05 20:19 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\Apple Computer
2013-09-21 20:58 - 2012-09-05 20:19 - 00000000 ____D C:\Users\Leemann\AppData\Local\Apple Computer
2013-09-21 20:51 - 2013-09-21 20:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-21 20:51 - 2013-09-21 20:51 - 00000000 ____D C:\Program Files\iTunes
2013-09-21 20:51 - 2013-09-21 20:51 - 00000000 ____D C:\Program Files\iPod
2013-09-21 20:51 - 2012-10-14 08:16 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-21 20:51 - 2012-09-05 20:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-21 19:45 - 2012-09-05 20:18 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-21 05:30 - 2013-10-11 03:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-11 03:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-20 12:19 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-20 12:18 - 2013-05-24 12:36 - 00000000 ____D C:\Users\Leemann\AppData\Roaming\VMware
2013-09-15 14:02 - 2013-09-15 14:02 - 00000000 ____D C:\Users\Leemann\AppData\Local\avgchrome
2013-09-14 02:48 - 2013-10-10 22:09 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
Some content of TEMP:
====================
C:\Users\Leemann\AppData\Local\Temp\665fInstaller.exe
C:\Users\Leemann\AppData\Local\Temp\APNStub.exe
C:\Users\Leemann\AppData\Local\Temp\AskSLib.dll
C:\Users\Leemann\AppData\Local\Temp\i4jdel0.exe
C:\Users\Leemann\AppData\Local\Temp\instloffer.exe
C:\Users\Leemann\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Leemann\AppData\Local\Temp\ose00000.exe
C:\Users\Leemann\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Leemann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leemann\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-11 00:45
==================== End Of Log ============================
GMER.txt Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-14 21:06:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD10 rev.01.0 931.51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Leemann\AppData\Local\Temp\uxdiafoc.sys
---- System - GMER 2.1 ----
SSDT 92288FBE ZwCreateSection
SSDT 92288FC8 ZwRequestWaitReplyPort
SSDT 92288FC3 ZwSetContextThread
SSDT 92288FCD ZwSetSecurityObject
SSDT 92288FD2 ZwSystemDebugControl
SSDT 92288F5F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C79A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB3212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CBA58C 4 Bytes [BE, 8F, 28, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CBA8E8 4 Bytes [C8, 8F, 28, 92] {ENTER 0x288f, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CBA92C 4 Bytes [C3, 8F, 28, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CBA9A8 4 Bytes [CD, 8F, 28, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CBA9FC 4 Bytes [D2, 8F, 28, 92]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[368] USER32.dll!DialogBoxParamW 77D93B9B 5 Bytes JMP 759946B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
.text C:\Windows\system32\schtasks.exe[444] USER32.dll!DialogBoxParamW 77D93B9B 5 Bytes JMP 759946B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
.text C:\Windows\system32\wininit.exe[452] USER32.dll!DialogBoxParamW 77D93B9B 5 Bytes JMP 759946B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
.text C:\Windows\system32\services.exe[504] USER32.dll!DialogBoxParamW 77D93B9B 5 Bytes JMP 759946B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
.text C:\Windows\system32\lsass.exe[512] USER32.dll!DialogBoxParamW 77D93B9B 5 Bytes JMP 759946B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll
.text ...
---- Devices - GMER 2.1 ----
Device \Driver\usbohci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-2 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-3 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-4 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys
Device \Driver\usbhub \Device\00000071 hcmon.sys
Device \Driver\usbhub \Device\00000064 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys
Device \Driver\usbhub \Device\00000065 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys
Device \Driver\usbhub \Device\00000075 hcmon.sys
Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys
---- EOF - GMER 2.1 ----
Hope that's right now.....
Regards
Patrick