Pests of all kinds and how to fight them: Smart Fortress 2012 on Windows 7 Professional (32bit)
03.05.2012, 14:27 | #1 |
Smart Fortress 2012 on Windows 7 Professional (32bit)

Hello everyone, I seem to have just caught a "Smart Fortress 2012" trojan. I was able to carry out the removal instructions here successfully. For further checking I would nevertheless like to turn to you once more, to make sure that everything has actually been removed. Here are the OTL log files from after I cleaned the system: OTL.txt (OTL logfile):
ATTFilter OTL logfile created on: 03.05.2012 14:39:09 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,89% Memory free 4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,87 Gb Total Space | 75,67 Gb Free Space | 34,26% Space Free | Partition Type: NTFS Computer Name: ***-NB | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\dvd43\DVD43_Tray.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\bd5179a413bc0c4b82eedc22c6cab101\re.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\93e7e3d6030f426844228042348210cf\Service.dll () MOD - 
C:\Users\***\AppData\Local\Temp\pdk-***-3708\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\eb138ef0e4282611dbf485a302784646\LibYAML.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\e56c61f7248672819579325af3387035\POSIX.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\f233f63b6654362865c7577442edb9e3\Win32.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll () MOD - C:\Users\***\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\4461f48e31bde5c56b31b973b773de09\List.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\c5cce8d16a1bd48692b421dcf46d3396\Util.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\USERDA~1\NPAPIF~1\gcswf32.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll () 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll () MOD - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wgui12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wcore12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wauff12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wfvie12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wreli12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wsteu12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsguiwinapi47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCLuceners47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\phononrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtWebKitrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtTestrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtScriptrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\Qt3Supportrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSqlrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSvgrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtXmlrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtGuirs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCorers47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtNetworkrs47.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program 
Files\Logitech\SetPointP\Macros\MacroCore.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Notepad++\NppShell_04.dll () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\PROGRA~2\PSPADE~1\PSPADS~1.DLL () MOD - C:\Program Files\dvd43\DVD43_Tray.exe () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) 
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (DCSLoader) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (iaNvStor) Intel(R) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation) DRV - (VirtualCam) -- C:\Windows\System32\drivers\VirtualCam.sys (MorningSound Co., Ltd.) 
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 B9 1F BB 9B A7 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rwe.com:80 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 21:03:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.02.11 15:17:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.20 13:19:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.23 09:41:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 12:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.25 18:44:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.18 21:21:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.23 09:41:54 | 000,000,000 | ---D | M] [2011.10.07 18:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.03 12:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions [2012.05.03 12:15:17 | 000,000,000 | ---D | M] (ColorZilla) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.05.03 12:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions () (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI () (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\PIXELZOOMER@MATTHIASSCHUETZ.COM.XPI [2012.05.03 12:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.04 16:05:51 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.26 21:00:06 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash 
(Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - 
plugin: OWOK (Enabled) = C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Angry Birds = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: Ping Pong = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjehnmbocckbifckfegbkieblkipjmp\2.0_0\ CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: Paper Toss = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl\2.3_0\ O1 HOSTS File: ([2011.12.30 12:39:09 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 testshop.de O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe () O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39D44890-344E-4005-8134-6C067B94A733}: DhcpNameServer = 10.153.194.236 10.153.70.100 10.153.72.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDA500EF-216D-4E40-B9F3-6C889750D649}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.03 12:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 12:51:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 10:13:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TV Welling
[2012.05.03 09:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.03 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.03 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.04.29 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\***\Photoshop
[2012.04.29 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nvu
[2012.04.29 10:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2012.04.29 10:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu
[2012.04.25 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.04.25 17:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
[2012.04.25 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenEstate-ImmoTool
[2012.04.24 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.04.24 18:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012.04.24 18:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.04.24 18:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2012.04.24 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\No23 Recorder
[2012.04.23 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\GHISLER
[2012.04.20 13:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.04.20 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.04.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Users\***\Adobe Flash Builder 4.5
[2012.04.20 13:24:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.20 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.04.20 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.04.20 13:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 3
[2012.04.20 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Web Premium CS5.5
[2012.04.20 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.20 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012.04.13 08:35:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.04.13 08:34:56 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.04.12 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.12 10:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.11 09:04:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 09:04:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.11 09:04:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 09:04:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 09:04:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 09:04:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 08:59:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 08:59:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.10 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.04.10 17:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2012.04.10 17:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.04.10 14:32:48 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.04.08 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2012.04.08 18:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.04.04 07:53:58 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2012.04.04 07:53:56 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.03 14:38:11 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 14:38:11 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 14:35:04 | 000,690,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.03 14:35:04 | 000,645,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.03 14:35:04 | 000,139,904 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.03 14:35:04 | 000,114,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.03 14:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 14:29:38 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 12:51:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.03 12:13:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 11:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000UA.job
[2012.04.29 17:19:31 | 004,046,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.28 19:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000Core.job
[2012.04.24 11:09:10 | 000,003,412 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.04.14 10:13:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 10:13:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 07:53:58 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2012.04.04 07:53:56 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.03 12:51:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.24 18:24:09 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.04.24 11:09:10 | 000,003,412 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.04.23 18:08:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.20 13:23:29 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.04.20 13:23:29 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.04.20 13:19:47 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.04.20 13:15:46 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.04.20 10:25:04 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.03.08 10:21:00 | 000,000,536 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.20 17:38:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.30 18:18:52 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.11.04 12:13:07 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.10.27 17:24:46 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.10.15 17:30:02 | 000,000,175 | ---- | C] () -- C:\Windows\OPHA.INI
[2011.10.10 22:27:54 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 10:22:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.08 11:43:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.08 11:43:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.10.07 15:19:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2011.10.29 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AppClient
[2012.04.20 13:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.26 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.03.08 10:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.03.27 09:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.10.07 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.04.20 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.08 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2012.03.27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.Rhapsody.Napster5
[2012.03.19 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.03 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.11.26 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.01.03 09:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.05.03 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.08 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.03.21 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.04.13 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.21 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.03.16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.04.08 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.27 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.07 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.03.16 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.30 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.22 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.29 10:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.03.14 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenArena
[2012.04.25 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.01.04 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHA
[2012.02.20 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator
[2012.02.20 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.10.10 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.04.28 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.02.11 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.12.22 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.04.17 10:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.10 11:53:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 03.05.2012 14:39:09 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,89% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,87 Gb Total Space | 75,67 Gb Free Space | 34,26% Space Free | Partition Type: NTFS

Computer Name: ***-NB | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D1E334-00A3-41C0-9110-E239641CC583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18D2CA0E-4229-4DBF-90B1-D5E50FC8AFB6}" = lport=137 | protocol=17 | dir=in | app=system |
"{2643F1ED-7DF3-43A7-A080-2B23B44C21F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B07572A-873E-46C5-BDA7-36451EB73986}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C9DD68D-D9BC-4919-A93D-80467F673C6F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FBF2B16-0FA5-40CF-BCB0-F3FB2D290FB0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36C1495C-3EEC-4339-8E6F-04794CCAB879}" = rport=137 | protocol=17 | dir=out | app=system |
"{460A6032-07A9-4740-BA0D-C8CB95942D41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{489B499F-3D3A-415B-A37D-D540471EF195}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56D88E73-8824-4635-9F59-42CD96579F89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59DC2DCE-116B-4C57-9A0D-5F5302619D31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67018766-41B0-4D7A-ACDC-4B64EAA1B243}" = lport=138 | protocol=17 | dir=in | app=system |
"{77679A05-3222-49B5-BFD5-8ECC5C5D2382}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7AC8762F-B1FA-4547-99DD-D97F1B3BD5BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C1563E5-163A-43F2-BDFF-D4ED8A9C0A14}" = rport=138 | protocol=17 | dir=out | app=system |
"{91344D0F-3ADC-449B-96CE-A3DA0207F674}" = rport=139 | protocol=6 | dir=out | app=system |
"{A1C03D04-35A3-4B42-97B5-22E4F658D9E0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AFCDE220-424B-41C8-BF9D-A9250B6BCDCA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{BAEB47DF-0F72-42C7-9BB9-625ED2C27F5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD351B04-2E0D-45D5-B83E-EBDC43A238A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE9F50B3-5A50-4623-924C-312946A7A7CB}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{D75055B3-BE09-40FC-8D08-2BDA8790DC2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB8C9CCD-4C5B-4D0F-BA0F-9430F3BE0F02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE0DB673-238E-4501-B1A8-C41A5E71ACC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E43F9601-A27F-468D-8BA4-73D4CDF6FDB0}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE9F278B-E58C-495B-83FA-381CD27CEAD9}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0277AFE0-E53D-4B40-9C66-08FA6FADFA79}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{15B8EB5D-BC6A-4326-A68D-753BF0EBADA0}" = protocol=6 | dir=out | app=system |
"{24E7BB5F-1504-4A10-8A38-FF3B2C0A472F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2C746E7C-665F-431D-90B8-ADF3A0802E78}" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3D159141-A9ED-4436-BFC0-17B686765301}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DCAC0E4-3AEA-4DF2-A80B-9695BA94F8A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40F114A1-E791-4FB5-BA43-6452056FF176}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41862E03-D9E6-4261-A291-E9C598E54BE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4752E560-3BFA-4809-854E-6DDC27F2AE9D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4CB659B8-7FED-4E68-A177-4791D9ED71FE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{51FB169B-B21D-4696-B041-E7B1CE51708B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{55734C8A-5E2F-4783-A18B-BB8E4EAE4000}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61E69AF6-3997-4C68-9D3F-473A9A2ACF38}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{749FDCB5-315D-4F29-B057-9A77151B098D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CD58ED2-56AA-4614-B991-A2038F82DED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A7353B2-8B13-407F-A691-813E8F5D51FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E5EA689-17D5-4333-ADCA-74533D440BBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F7B56BE-84FF-49E1-AF32-E1D9924D4135}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{90CF2DA0-F362-4595-8C59-CF66BA173087}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93043B53-3B93-4417-BC4E-5B2AE1A17BFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A89A0DC2-524B-40C9-835A-7FA8C4C32CB2}" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A89A5ED0-8D38-416F-8783-9C29299B8929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC3AA4AB-0167-49D7-B922-ED43A5CE4367}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{B5FA05C1-7510-45D7-BA8F-7CFFEFD685C6}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{B7334F0C-DEFB-496E-8725-5BC67DA2E934}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{BACFB37C-527C-4FE3-AC4D-999011C67C72}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{BB34011A-103C-492C-BBDA-A6CE046E12B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBA75C41-4A1F-4FE7-B3F9-50C8133D43FF}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{BE4770BB-5D90-42EC-B95F-96D068EAD477}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C751ADD7-6BCF-4380-9734-FF469C4E9CC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CEA94DEC-AF29-4A74-8554-2131D7D029C7}" = protocol=17 | dir=in | app=c:\Users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D4B63564-F1A0-44B8-A9EF-0EE8E7E0A9CE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DA44DFBD-EA7C-423A-AB29-8B2C76FB86E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DE52004C-82DC-47A4-914D-66A41ADDA4FA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{E4637F05-0A8E-4195-A6E4-218307528B6A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{EFC98F46-77E4-4C48-A2BE-43515DD8A9BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1EB4043-80C3-49A3-A1FF-78133DC5E086}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4412FD6-6A96-43A4-8017-71403DD27C2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F4AFBA61-97B2-4026-B3BC-B856325E1D7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5E99228-B9A3-4A62-98CB-08633FC235CD}" = protocol=6 | dir=in | app=c:\Users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0C547764-8A3A-44E5-9577-F836CA1AC6EF}C:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1F506D03-F687-4D0A-8317-96DDC7032233}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe |
"TCP Query User{23D9A46A-424B-4E7E-9849-EB9A25A853C2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{24694A8F-48A2-4A7C-87F7-C17C7F0DFF43}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{29B28870-BD61-4AB4-ABE2-B8D237E6E7E9}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{33622CB6-09EE-43DC-B3DC-2A079BE7E3B2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{42EC8DB0-8413-4452-BE96-117858F532E4}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{68D3D9E3-6C51-47E2-A792-DDE41360F7F6}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7429A717-5610-43CE-A9F9-E42AA56BAAD3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program
files\java\jre7\bin\javaw.exe | "TCP Query User{7798802C-EEB8-4938-B2A8-B849E3541A90}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{867803E0-28ED-4513-8E56-CC0560FFC4CD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{8ABE8C7C-E855-4B7A-94F6-FF4146AC0BCE}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{A64CC3C5-64C4-40A2-AC68-86935C6AF89D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{A8E88279-4BCE-4507-8911-C689D71D2D52}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe | "TCP Query User{B7554DBE-F7A7-4A8A-9E40-DACE916AEAE6}C:\program files\openarena-0.8.8\openarena.exe" = protocol=6 | dir=in | app=c:\program files\openarena-0.8.8\openarena.exe | "TCP Query User{DBEA43DA-5546-4977-A4EB-9338AA325D2C}C:\Users\***\desktop\openarena-0.8.8\openarena.exe" = protocol=6 | dir=in | app=c:\Users\***\desktop\openarena-0.8.8\openarena.exe | "TCP Query User{E664AC10-2388-4123-9173-94E4B35555ED}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{F77EA495-F64C-4995-8F3C-A128B8F194C2}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{0843CAD7-BE08-488D-945D-32C7DE340A66}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{121C019E-CF28-4497-BB39-BDE9152EE563}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{13F6A78A-1189-4BAB-BD52-098254BA3F9B}C:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query 
User{195A0948-0CEA-4A61-B2AE-2494B7F4AFA7}C:\program files\openarena-0.8.8\openarena.exe" = protocol=17 | dir=in | app=c:\program files\openarena-0.8.8\openarena.exe | "UDP Query User{26A1BCD0-82D3-4010-8BDE-FAA2320C20EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{3297708E-F599-49FA-9B19-86404C09E2AC}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{3AB2F504-FC0D-40E3-A616-184389875811}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4F028160-AF8F-419D-ADD5-215277704398}C:\Users\***\desktop\openarena-0.8.8\openarena.exe" = protocol=17 | dir=in | app=c:\Users\***\desktop\openarena-0.8.8\openarena.exe | "UDP Query User{65F25323-06B1-4DE0-B014-2601DEA7BCFD}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{6C5D760E-39D7-42F3-9CED-9C87738D35FF}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe | "UDP Query User{78A3C9F6-3DC9-4D0F-91A5-27A2B2E49331}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{8F05C83A-230E-4B7C-BEF6-AB79F5ED7402}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{92291305-E39C-47E6-B260-23CED849AE94}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe | "UDP Query User{9EC817C9-2DEE-4827-8578-1F4F11FE7FA4}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{AC23EC3C-F514-4AAF-9E27-475ADBBC0B3B}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | 
app=c:\Users\***\appdata\roaming\spotify\spotify.exe | "UDP Query User{C2978CE0-DCE0-4E7E-A576-6C06F28DF216}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe | "UDP Query User{EEF1F265-E58A-4163-B6DE-D8C8E27AA94C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{F9CA384C-222F-41AC-9F72-FCE12548706B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D0EB043-73A9-B71E-BA0B-1F6126BD2524}" = Napster 5.0 Beta "{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0FD60254-35B7-4915-862B-26847C9FE8DE}" = Tunebite "{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series 
GDI Driver from OKI® Printing Solutions for Windows "{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory "{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = 
Tropico "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86FA7865-F1BB-4BDA-B296-4120684A692C}" = WISO Mein Geld 2012 Standard "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager und Intel® Turbo Memory "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{944322AF-5D21-43F7-87DE-06BB30A1C369}" = MySQL Workbench 5.2 CE 
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{971CD5D9-FF9E-474F-8364-704DF9B4FCA6}" = pdfforge Toolbar v5.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4749B38-C5BD-4A02-8E9F-C1EF7CCEA651}" = Adobe Creative Suite 5.5 Web Premium "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB5E57BD-2E5E-4EF4-A7AE-08CB03102E06}" = MAGIX Music Maker Silver "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client 
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "2ADF4484850200A062B66ED19240994480D85943" = Windows-Treiberpaket - ITE Tech.Inc. 
(itecir) HIDClass (01/05/2007 5.0.0003.2) "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "Android SDK Tools" = Android SDK Tools "Artisteer 3" = Artisteer 3 "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "com.Rhapsody.Napster5" = Napster 5.0 Beta "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD43_is1" = DVD43 v4.6.0 "ElsterFormular 12.4.1.7699k" = ElsterFormular "facemoods" = Facemoods Toolbar "FileZilla Client" = FileZilla Client 3.5.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.04" = GPL Ghostscript "HandBrake" = HandBrake 0.9.6 "ImgBurn" = ImgBurn "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2 "IrfanView" = IrfanView (remove only) "Jingle Palette" = Jingle Palette 4.4.5 "Logitech Media Server_is1" = Logitech Media Server 7.7.0 "MAGIX_{BB5E57BD-2E5E-4EF4-A7AE-08CB03102E06}" = MAGIX Music Maker Silver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla 
Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49a "No23 Recorder" = No23 Recorder "Notepad++" = Notepad++ "Nvu_is1" = Nvu 1.0 "Office14.SingleImage" = Microsoft Office Professional 2010 "OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI "PSPad editor_is1" = PSPad editor "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RemoteControl for Winamp1.00" = RemoteControl for Winamp "SopCast" = SopCast 3.4.8 "sp6" = Logitech SetPoint 6.32 "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "Totalcmd" = Total Commander (Remove or Repair) "VLC media player" = VLC media player 2.0.1 "WBFS Manager 3.0" = WBFS Manager 3.0 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WISO Mein Geld 2012 Standard" = WISO Mein Geld 2012 Standard "xampp" = XAMPP 1.7.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.04.2012 10:50:40 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.04.2012 10:50:40 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1029 Error - 02.04.2012 10:50:40 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1029 Error - 02.04.2012 10:50:41 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.04.2012 10:50:41 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 
Description = Task Scheduling Error: m->NextScheduledEvent 2028 Error - 02.04.2012 10:50:41 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2028 Error - 02.04.2012 10:50:42 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.04.2012 10:50:42 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3026 Error - 02.04.2012 10:50:42 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3026 Error - 02.04.2012 10:50:43 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ Media Center Events ] Error - 21.01.2012 15:58:11 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 20:58:11 - Fehler beim Herstellen der Internetverbindung. 20:58:11 - Serververbindung konnte nicht hergestellt werden.. Error - 21.01.2012 15:58:19 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 20:58:16 - Fehler beim Herstellen der Internetverbindung. 20:58:16 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 12:54:06 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 17:54:06 - Fehler beim Herstellen der Internetverbindung. 17:54:06 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 12:54:14 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 17:54:11 - Fehler beim Herstellen der Internetverbindung. 17:54:11 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 13:54:18 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 18:54:18 - Fehler beim Herstellen der Internetverbindung. 18:54:18 - Serververbindung konnte nicht hergestellt werden.. 
Error - 28.01.2012 13:54:23 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 18:54:23 - Fehler beim Herstellen der Internetverbindung. 18:54:23 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 14:54:58 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 19:54:57 - Fehler beim Herstellen der Internetverbindung. 19:54:58 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 14:55:27 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 19:55:27 - Fehler beim Herstellen der Internetverbindung. 19:55:27 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 15:56:02 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 20:56:02 - Fehler beim Herstellen der Internetverbindung. 20:56:02 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2012 15:56:31 | Computer Name = ***-NB | Source = MCUpdate | ID = 0 Description = 20:56:31 - Fehler beim Herstellen der Internetverbindung. 20:56:31 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 26.02.2012 03:30:42 | Computer Name = ***-NB | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?02.?2012 um 21:13:06 unerwartet heruntergefahren. 
Error - 26.02.2012 05:57:41 | Computer Name = ***-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 26.02.2012 05:57:41 | Computer Name = ***-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 26.02.2012 08:50:51 | Computer Name = ***-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 26.02.2012 08:50:51 | Computer Name = ***-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.02.2012 06:30:40 | Computer Name = ***-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 27.02.2012 06:30:40 | Computer Name = ***-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.02.2012 06:41:10 | Computer Name = ***-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.02.2012 07:31:04 | Computer Name = ***-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 27.02.2012 07:31:04 | Computer Name = ***-NB | Source = atikmdag | ID = 43029 Description = Display is not active < End of report >
Is my system clean again now? |
03.05.2012, 18:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all detections must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
03.05.2012, 19:24 | #3 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) Hello cosinus,
thank you very much for your reply. Here is the first Malwarebytes log to start with: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.03.02 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 *** :: ***-NB [Administrator] 03.05.2012 12:52:52 mbam-log-2012-05-03 (12-52-52).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 642722 Laufzeit: 1 Stunde(n), 34 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F4D55F170001619A000AE1ADB4EB238B (Trojan.LameShield) -> Daten: C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B\F4D55F170001619A000AE1ADB4EB238B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B\F4D55F170001619A000AE1ADB4EB238B.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-2451510392-3483582798-355726404-1000\$RTN2P0N.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1439b173-36d3be7a (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Hello cosinus, here is the full scan by Malwarebytes, after the system was cleaned in safe mode: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.03.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-NB [Administrator] Schutz: Aktiviert 03.05.2012 23:38:39 mbam-log-2012-05-03 (23-38-39).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 519628 Laufzeit: 2 Stunde(n), 32 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=316d870ca0d6fd4c92264c854057fb30 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-03 11:30:48 # local_time=2012-05-04 01:30:48 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 18072907 18072907 0 0 # compatibility_mode=5893 16776573 100 94 1953 87700343 0 0 # compatibility_mode=8192 67108863 100 0 1351 1351 0 0 # scanned=326430 # found=1 # cleaned=0 # scan_time=18696 C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I |
04.05.2012, 09:01 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) I have two questions before we continue: 1.) Does normal mode work without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post logfiles in CODE tags |
04.05.2012, 09:05 | #5 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) Re 1.: Normal mode runs without restrictions. Re 2.: At first glance the Start menu actually looks normal. The only thing in there was the Smart Fortress folder together with its shortcut, but I deleted that manually. I also deleted the desktop shortcut. |
04.05.2012, 09:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________ --> Smart Fortress 2012 on Windows 7 Professional (32bit) |
04.05.2012, 10:20 | #7 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) Here is the log file: Code:
ATTFilter OTL logfile created on: 04.05.2012 10:40:58 - Run 2 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,27% Memory free 4,00 Gb Paging File | 2,68 Gb Available in Paging File | 67,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,87 Gb Total Space | 92,11 Gb Free Space | 41,70% Space Free | Partition Type: NTFS Computer Name: ***-NB | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\93e7e3d6030f426844228042348210cf\Service.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\bd5179a413bc0c4b82eedc22c6cab101\re.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\eb138ef0e4282611dbf485a302784646\LibYAML.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\e56c61f7248672819579325af3387035\POSIX.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll () MOD - 
C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\f233f63b6654362865c7577442edb9e3\Win32.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\4461f48e31bde5c56b31b973b773de09\List.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll () MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\c5cce8d16a1bd48692b421dcf46d3396\Util.dll () MOD - C:\Users\***\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll () MOD - C:\Program Files\Adobe\Acrobat 
10.0\Acrobat\locale\de_de\acrotray.deu () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wgui12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wcore12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wauff12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wfvie12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wreli12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wsteu12.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsguiwinapi47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll () MOD - C:\Program Files\Buhl finance\tax 
Steuersoftware 2012\QtCLuceners47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\phononrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtWebKitrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtTestrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtScriptrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\Qt3Supportrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSqlrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSvgrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtXmlrs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtGuirs47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCorers47.dll () MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtNetworkrs47.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 
(Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (DCSLoader) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) 
-- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (iaNvStor) Intel(R) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation) DRV - (VirtualCam) -- C:\Windows\System32\drivers\VirtualCam.sys (MorningSound Co., Ltd.) 
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 B9 1F BB 9B A7 CC 01 [binary data] IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}: "URL" = 
hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rwe.com:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 21:03:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.02.11 15:17:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.20 13:19:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.23 09:41:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 12:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.03 22:52:06 | 000,000,000 | ---D | M] [2011.10.07 18:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.04 08:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions [2012.05.03 21:03:28 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.05.03 12:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions () (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- 
C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\PIXELZOOMER@MATTHIASSCHUETZ.COM.XPI [2012.05.03 12:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.26 21:00:06 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = 
C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus 
Web Player\npdivx32.dll CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: OWOK (Enabled) = C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Angry Birds = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: Ping Pong = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjehnmbocckbifckfegbkieblkipjmp\2.0_0\ CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: Paper Toss = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl\2.3_0\ O1 HOSTS File: ([2012.03.30 15:22:58 | 000,601,715 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost #[IPv6] O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 abcstats.com O1 - Hosts: 127.0.0.1 a.abv.bg O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 ca.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 
aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 am1.activemeter.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 cms.ad2click.nl O1 - Hosts: 16118 more lines... O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-2451510392-3483582798-355726404-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2451510392-3483582798-355726404-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2451510392-3483582798-355726404-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LWI.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39D44890-344E-4005-8134-6C067B94A733}: DhcpNameServer = 10.153.194.236 10.153.70.100 10.153.72.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDA500EF-216D-4E40-B9F3-6C889750D649}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37984A42-08A5-501D-D7E3-8E393C247201} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.05.03 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2012.05.03 23:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2012.05.03 22:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.03 22:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.03 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2012.05.03 21:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.05.03 12:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 12:51:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 10:13:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TV Welling
[2012.04.29 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\***\Photoshop
[2012.04.29 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nvu
[2012.04.29 10:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2012.04.29 10:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu
[2012.04.25 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.04.25 17:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
[2012.04.25 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenEstate-ImmoTool
[2012.04.24 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.04.24 18:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.04.23 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\GHISLER
[2012.04.20 13:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.04.20 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.04.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Users\***\Adobe Flash Builder 4.5
[2012.04.20 13:24:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.20 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.04.20 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Web Premium CS5.5
[2012.04.20 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.20 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012.04.13 08:35:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.04.13 08:34:56 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.04.12 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.12 10:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.10 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.04.10 17:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.04.08 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2012.04.08 18:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.05.04 10:35:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 10:35:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 10:33:17 | 000,690,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.04 10:33:17 | 000,645,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.04 10:33:17 | 000,139,904 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.04 10:33:17 | 000,114,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.04 10:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 10:27:15 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.04 10:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.04 09:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000UA.job
[2012.05.03 21:56:01 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.05.03 19:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000Core.job
[2012.04.29 17:19:31 | 004,046,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.24 11:09:10 | 000,003,412 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.05.03 21:56:01 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.05.03 21:56:00 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.04.24 11:09:10 | 000,003,412 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.04.23 18:08:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.20 13:23:29 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.04.20 13:23:29 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.04.20 13:19:47 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.04.20 13:15:46 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.04.20 10:25:04 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.03.08 10:21:00 | 000,000,536 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.20 17:38:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.30 18:18:52 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.11.04 12:13:07 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.10.27 17:24:46 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.10.15 17:30:02 | 000,000,175 | ---- | C] () -- C:\Windows\OPHA.INI
[2011.10.10 22:27:54 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 10:22:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.08 11:43:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.08 11:43:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.10.07 15:19:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== LOP Check ==========
[2011.10.29 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AppClient
[2012.04.20 13:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.26 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.03.08 10:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.03.27 09:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.10.07 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.04.20 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.08 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2012.03.27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.Rhapsody.Napster5
[2012.03.19 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.04 10:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.11.26 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.01.03 09:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.05.03 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.08 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.03.21 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.04.13 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.21 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.03.16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.04.08 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.27 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.07 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.03.16 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.30 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.22 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.29 10:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.03.14 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenArena
[2012.04.25 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.01.04 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHA
[2012.02.20 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator
[2012.02.20 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.10.10 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.04.28 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.02.11 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.12.22 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.04.17 10:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.29 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\yyy\AppData\Roaming\Spotify
[2012.01.01 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service
[2012.01.09 17:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service GmbH
[2012.03.30 10:27:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\com.Rhapsody.Napster5
[2012.01.01 14:08:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.01.04 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OPHA
[2011.10.25 08:10:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2012.04.10 11:53:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.05.03 23:06:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.10.29 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AppClient
[2012.04.20 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.04.20 13:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.26 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.10.07 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2012.03.08 10:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.03.27 09:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.10.07 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.04.20 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.08 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2012.03.27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.Rhapsody.Napster5
[2012.03.19 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.26 12:04:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.05.04 10:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.03.21 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.11.26 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.01.03 09:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.05.03 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.08 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.03.21 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.03.06 11:35:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.04.13 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.21 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.10.07 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.03.16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.10.07 14:36:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.04.08 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.10.07 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2011.10.07 16:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2011.10.27 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.03.27 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.04.12 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.01.10 19:58:55 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.04.07 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.01.07 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.03.16 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.30 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.22 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.29 10:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.03.14 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenArena
[2012.04.25 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.01.04 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHA
[2012.02.20 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator
[2012.02.20 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.04.16 10:18:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PSpad
[2012.02.11 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2011.10.12 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio
[2011.10.10 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.03 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.04.28 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.02.11 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.12.22 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.04.17 10:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2012.04.14 12:36:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.12.17 15:38:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011.10.29 13:04:43 | 002,834,432 | ---- | M] (DOSBox Team) -- C:\Users\***\AppData\Roaming\AppClient\Dosbox\dosbox.exe
[2011.10.29 13:04:44 | 000,102,730 | ---- | M] () -- C:\Users\***\AppData\Roaming\AppClient\Packages\Commander-Keen-4\keen4e.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.08 10:38:10 | 005,199,808 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.03.08 10:33:07 | 009,812,368 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.03.08 10:33:57 | 006,232,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.03.08 10:35:46 | 005,933,208 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.03.08 10:34:55 | 005,861,416 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.03.08 10:38:57 | 005,268,208 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.03.08 10:39:45 | 005,430,712 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.03.08 10:36:36 | 005,836,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.03.08 10:37:22 | 005,368,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.03.08 10:40:35 | 005,276,616 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.03.08 10:41:27 | 004,794,552 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_7699_8479.exe
[2012.03.08 10:42:17 | 004,797,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_7699_8479.exe
[2012.03.08 10:43:06 | 008,537,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7699_8479.exe
[2012.03.08 10:43:53 | 007,467,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7699_8479.exe
[2012.03.08 10:44:36 | 004,889,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_7699_8479.exe
[2012.03.08 10:45:20 | 004,898,024 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_7699_8479.exe
[2012.03.08 10:47:16 | 004,819,920 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_7699_8479.exe
[2012.03.08 10:47:55 | 004,821,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_7699_8479.exe
[2012.03.08 10:45:58 | 004,823,864 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_7699_8479.exe
[2012.03.08 10:46:36 | 004,824,472 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_7699_8479.exe
[2012.03.08 10:48:35 | 004,811,760 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_7699_8479.exe
[2012.03.08 10:49:14 | 004,807,744 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_7699_8479.exe
[2012.03.08 10:49:56 | 004,877,040 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_7699_8479.exe
[2012.03.08 10:50:36 | 004,887,696 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_7699_8479.exe
[2012.03.08 10:51:17 | 005,218,808 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_7699_8479.exe
[2012.03.08 10:51:57 | 005,219,736 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_7699_8479.exe
[2012.03.08 10:31:56 | 012,356,048 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7699_8479.exe
[2012.03.08 10:53:57 | 004,824,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_7699_8479.exe
[2012.03.08 10:54:40 | 004,837,160 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_7699_8479.exe
[2012.03.08 10:52:37 | 004,837,800 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_7699_8479.exe
[2012.03.08 10:53:17 | 004,855,136 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_7699_8479.exe
[2012.04.05 16:47:01 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.10.08 11:23:34 | 015,154,600 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe [2012.04.01 12:23:57 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe [2012.04.01 12:23:57 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe [2012.04.01 12:23:57 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe [2012.02.22 07:57:00 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2012.02.22 07:57:04 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2012.02.22 07:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2012.02.22 07:57:06 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2012.04.01 12:23:57 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2012.04.01 12:23:57 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2012.02.22 07:57:10 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.04.01 12:23:57 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2012.02.22 07:57:12 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2012.01.31 11:15:38 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe [2012.03.27 15:26:41 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\spotify.exe [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe [2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\***\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) 
MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\Temp\IIF2\Winall\Driver64\IaStor.sys [2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys [2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\Temp\IIF2\Winall\Driver\IaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 
07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | 
---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- 
| M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys 
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
04.05.2012, 10:33 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) Quote:
__________________ Please always post log files in CODE tags |
04.05.2012, 10:36 | #9 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) No, not really. It is a private computer that may well have been on the RWE LAN at some point. |
04.05.2012, 10:36 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) Quote:
__________________ Please always post log files in CODE tags |
04.05.2012, 10:41 | #11 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) Yes, it was on the network once with guest access. |
04.05.2012, 10:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rwe.com:80 FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - user.js - File not found [2011.11.26 21:00:06 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell - "" = AutoRun O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell - "" = AutoRun O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = 
D:\StartViewer.exe [2012.05.03 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B :Commands [purity] [emptytemp] [emptyflash] [resethosts] The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
04.05.2012, 10:58 | #13 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) Here is the log file: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_USERS\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}\ not found. HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ not found. File E:\Autoplay.exe -auto not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5b40963-2ae7-11e1-af84-00030d87b953}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5b40963-2ae7-11e1-af84-00030d87b953}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File D:\StartViewer.exe not found. Folder C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B\ not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: DefaultAppPool ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: xxx ->Temp folder emptied: 311794747 bytes ->Temporary Internet Files folder emptied: 140215794 bytes ->Java cache emptied: 7749409 bytes ->FireFox cache emptied: 55139456 bytes ->Google Chrome cache emptied: 13221714 bytes ->Flash cache emptied: 15215559 bytes User: zzz ->Temp folder emptied: 1562155 bytes ->Temporary Internet Files folder emptied: 100016798 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 58476 bytes User: yyy ->Temp folder emptied: 49798663 bytes ->Temporary Internet Files folder emptied: 405669265 bytes ->Java cache emptied: 115578 bytes ->FireFox cache emptied: 122311166 bytes ->Flash cache emptied: 126166 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 5262748 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2294056873 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3.359,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: DefaultAppPool ->Flash cache emptied: 0 bytes User: xxx ->Flash cache emptied: 0 bytes User: zzz ->Flash cache emptied: 0 bytes User: yyy ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.2 log created on 05042012_114723 Files\Folders moved on Reboot... 
File\Folder C:\Users\yyy\AppData\Local\Temp\OICE_827E6CEB-1362-467E-9208-BAD005D77AF9.0\25A58E5. not found! Registry entries deleted on Reboot... |
04.05.2012, 11:55 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 on Windows 7 Professional (32bit) Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!
__________________ Please always post log files in CODE tags |
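The TDSS-Killer log requested in the post above writes each scanned service or driver as an object line followed by a verdict line. As an added example (not part of the original thread and not Kaspersky's code), this Python parser pairs the two and lists every entry whose verdict is not "ok" or is missing, including when the pasted log has lost its line breaks. The sample log is constructed: the ACPI and AMD lines follow the log in post #15, while `ExampleDrv`, `ExampleSvc`, their hashes and the `warning` verdict are placeholder assumptions.

```python
import re

# A record starts with "<HH:MM:SS.mmmm> <thread id> ". Splitting on that
# boundary also handles logs whose line breaks were lost when pasted.
RECORD_START = re.compile(r"(?<!\S)(?=\d\d:\d\d:\d\d\.\d{4}\s+\d+\s)")
PREFIX_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# Scanned object: "<name> (<32 hex digit MD5>) <path>"; names may contain spaces.
OBJECT_RE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)

# Constructed sample. ExampleDrv/ExampleSvc, their hashes and the "warning"
# verdict are placeholders; the log in the thread only shows "ok" verdicts.
SAMPLE_LOG = r"""
12:57:31.0836 2764 TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
12:57:33.0506 2764 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
12:57:42.0273 2876 Scan started
12:57:43.0271 2876 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:57:43.0287 2876 ACPI - ok
12:57:44.0800 2876 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
12:57:44.0909 2876 AMD External Events Utility - ok
12:57:45.0000 2876 ExampleDrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
12:57:45.0010 2876 ExampleDrv - warning
12:57:47.0904 2876 ExampleSvc (fedcba9876543210fedcba9876543210) C:\Windows\System32\examplesvc.dll
"""


def parse_tdss_log(text):
    """Return one dict per scanned object: name, md5, path, verdict.

    verdict is None when no verdict line follows the object line,
    which is what a log cut off in the middle of a paste looks like.
    """
    entries, pending = [], None
    for record in RECORD_START.split(text):
        record = record.strip()
        if not record:
            continue
        prefix = PREFIX_RE.match(record.splitlines()[0])
        if not prefix:
            continue  # text before the first timestamp, e.g. forum residue
        rest = prefix.group(1).strip()

        # A verdict line only counts if it names the object just scanned;
        # this keeps header lines such as "Drive ... - Size: ..." out.
        if pending and rest.startswith(pending["name"] + " - "):
            pending["verdict"] = rest[len(pending["name"]) + 3:].strip()
            entries.append(pending)
            pending = None
            continue

        obj = OBJECT_RE.match(rest)
        if obj:
            if pending:  # previous object never received a verdict
                entries.append(pending)
            pending = {
                "name": obj.group("name"),
                "md5": obj.group("md5").lower(),
                "path": obj.group("path"),
                "verdict": None,
            }
    if pending:
        entries.append(pending)
    return entries


def needs_review(entries):
    """Entries whose verdict is anything other than 'ok', or missing."""
    return [e for e in entries if (e["verdict"] or "").lower() != "ok"]


if __name__ == "__main__":
    for entry in needs_review(parse_tdss_log(SAMPLE_LOG)):
        print(entry["name"], entry["verdict"], entry["path"])
```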
04.05.2012, 12:04 | #15 |
| Smart Fortress 2012 on Windows 7 Professional (32bit) Here is the log file: Code:
ATTFilter 12:57:31.0836 2764 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 12:57:32.0148 2764 ============================================================ 12:57:32.0148 2764 Current date / time: 2012/05/04 12:57:32.0148 12:57:32.0148 2764 SystemInfo: 12:57:32.0148 2764 12:57:32.0148 2764 OS Version: 6.1.7601 ServicePack: 1.0 12:57:32.0148 2764 Product type: Workstation 12:57:32.0148 2764 ComputerName: ***-NB 12:57:32.0148 2764 UserName: *** 12:57:32.0148 2764 Windows directory: C:\Windows 12:57:32.0148 2764 System windows directory: C:\Windows 12:57:32.0148 2764 Processor architecture: Intel x86 12:57:32.0148 2764 Number of processors: 2 12:57:32.0148 2764 Page size: 0x1000 12:57:32.0148 2764 Boot type: Normal boot 12:57:32.0148 2764 ============================================================ 12:57:33.0506 2764 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:57:33.0537 2764 ============================================================ 12:57:33.0537 2764 \Device\Harddisk1\DR1: 12:57:33.0537 2764 MBR partitions: 12:57:33.0537 2764 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x1B9BE761 12:57:33.0537 2764 ============================================================ 12:57:33.0537 2764 C: <-> \Device\Harddisk1\DR1\Partition0 12:57:33.0568 2764 ============================================================ 12:57:33.0568 2764 Initialize success 12:57:33.0568 2764 ============================================================ 12:57:42.0273 2876 ============================================================ 12:57:42.0273 2876 Scan started 12:57:42.0273 2876 Mode: Manual; SigCheck; TDLFS; 12:57:42.0273 2876 ============================================================ 12:57:43.0068 2876 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 12:57:43.0256 2876 1394ohci - ok 
C:\Windows\system32\drivers\secdrv.sys 12:58:12.0023 2876 secdrv - ok 12:58:12.0054 2876 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 12:58:12.0117 2876 seclogon - ok 12:58:12.0319 2876 Secunia PSI Agent (fc4842cecaf2a938be13a6c534034088) C:\Program Files\Secunia\PSI\PSIA.exe 12:58:12.0413 2876 Secunia PSI Agent - ok 12:58:12.0491 2876 Secunia Update Agent (401c960e9c95d35cffb17ca57c4406fb) C:\Program Files\Secunia\PSI\sua.exe 12:58:12.0553 2876 Secunia Update Agent - ok 12:58:12.0600 2876 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 12:58:12.0647 2876 SENS - ok 12:58:12.0663 2876 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 12:58:12.0725 2876 SensrSvc - ok 12:58:12.0741 2876 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 12:58:12.0756 2876 Serenum - ok 12:58:12.0819 2876 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 12:58:12.0912 2876 Serial - ok 12:58:12.0990 2876 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 12:58:13.0068 2876 sermouse - ok 12:58:13.0084 2876 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 12:58:13.0146 2876 SessionEnv - ok 12:58:13.0193 2876 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 12:58:13.0255 2876 sffdisk - ok 12:58:13.0271 2876 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 12:58:13.0318 2876 sffp_mmc - ok 12:58:13.0349 2876 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 12:58:13.0380 2876 sffp_sd - ok 12:58:13.0396 2876 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 12:58:13.0411 2876 sfloppy - ok 12:58:13.0489 2876 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 12:58:13.0630 2876 SharedAccess - ok 12:58:13.0692 2876 ShellHWDetection 
(414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 12:58:13.0723 2876 ShellHWDetection - ok 12:58:13.0770 2876 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 12:58:13.0786 2876 sisagp - ok 12:58:13.0833 2876 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:58:13.0895 2876 SiSRaid2 - ok 12:58:13.0942 2876 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 12:58:13.0973 2876 SiSRaid4 - ok 12:58:14.0004 2876 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 12:58:14.0035 2876 Smb - ok 12:58:14.0113 2876 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys 12:58:14.0254 2876 smserial - ok 12:58:14.0316 2876 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 12:58:14.0363 2876 SNMPTRAP - ok 12:58:14.0363 2876 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 12:58:14.0394 2876 spldr - ok 12:58:14.0410 2876 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 12:58:14.0457 2876 Spooler - ok 12:58:14.0800 2876 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 12:58:14.0909 2876 sppsvc - ok 12:58:14.0987 2876 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 12:58:15.0081 2876 sppuinotify - ok 12:58:15.0096 2876 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 12:58:15.0159 2876 srv - ok 12:58:15.0174 2876 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 12:58:15.0221 2876 srv2 - ok 12:58:15.0221 2876 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 12:58:15.0252 2876 srvnet - ok 12:58:15.0283 2876 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 12:58:15.0330 2876 SSDPSRV - ok 12:58:15.0330 2876 ssmdrv (a36ee93698802cd899f98bfd553d8185) 
C:\Windows\system32\DRIVERS\ssmdrv.sys 12:58:15.0346 2876 ssmdrv - ok 12:58:15.0377 2876 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 12:58:15.0408 2876 SstpSvc - ok 12:58:15.0455 2876 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys 12:58:15.0486 2876 ssudmdm - ok 12:58:15.0502 2876 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 12:58:15.0517 2876 stexstor - ok 12:58:15.0595 2876 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 12:58:15.0673 2876 StiSvc - ok 12:58:15.0673 2876 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 12:58:15.0705 2876 storflt - ok 12:58:15.0720 2876 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 12:58:15.0751 2876 StorSvc - ok 12:58:15.0798 2876 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 12:58:15.0845 2876 storvsc - ok 12:58:15.0845 2876 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 12:58:15.0861 2876 swenum - ok 12:58:15.0892 2876 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 12:58:15.0939 2876 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 12:58:15.0939 2876 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 12:58:16.0001 2876 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 12:58:16.0063 2876 swprv - ok 12:58:16.0173 2876 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 12:58:16.0235 2876 SysMain - ok 12:58:16.0235 2876 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 12:58:16.0297 2876 TabletInputService - ok 12:58:16.0329 2876 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 12:58:16.0407 2876 TapiSrv - ok 12:58:16.0422 2876 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) 
C:\Windows\system32\drivers\tbhsd.sys 12:58:16.0438 2876 tbhsd - ok 12:58:16.0469 2876 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 12:58:16.0500 2876 TBS - ok 12:58:16.0594 2876 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 12:58:16.0656 2876 Tcpip - ok 12:58:16.0672 2876 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 12:58:16.0703 2876 TCPIP6 - ok 12:58:16.0719 2876 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 12:58:16.0750 2876 tcpipreg - ok 12:58:16.0812 2876 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 12:58:16.0890 2876 TDPIPE - ok 12:58:16.0906 2876 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 12:58:16.0921 2876 TDTCP - ok 12:58:16.0937 2876 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 12:58:16.0984 2876 tdx - ok 12:58:17.0202 2876 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 12:58:17.0343 2876 TeamViewer7 - ok 12:58:17.0389 2876 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 12:58:17.0405 2876 TermDD - ok 12:58:17.0483 2876 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 12:58:17.0577 2876 TermService - ok 12:58:17.0592 2876 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 12:58:17.0623 2876 Themes - ok 12:58:17.0623 2876 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 12:58:17.0655 2876 THREADORDER - ok 12:58:17.0655 2876 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 12:58:17.0717 2876 TrkWks - ok 12:58:17.0748 2876 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 12:58:17.0811 2876 TrustedInstaller - ok 12:58:17.0826 2876 tssecsrv (254bb140eee3c59d6114c1a86b636877) 
C:\Windows\system32\DRIVERS\tssecsrv.sys 12:58:17.0857 2876 tssecsrv - ok 12:58:17.0889 2876 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 12:58:17.0951 2876 TsUsbFlt - ok 12:58:17.0951 2876 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 12:58:17.0982 2876 tunnel - ok 12:58:18.0045 2876 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 12:58:18.0123 2876 uagp35 - ok 12:58:18.0169 2876 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 12:58:18.0247 2876 udfs - ok 12:58:18.0279 2876 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 12:58:18.0325 2876 UI0Detect - ok 12:58:18.0388 2876 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 12:58:18.0419 2876 uliagpkx - ok 12:58:18.0435 2876 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 12:58:18.0450 2876 umbus - ok 12:58:18.0466 2876 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 12:58:18.0513 2876 UmPass - ok 12:58:18.0528 2876 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 12:58:18.0544 2876 UmRdpService - ok 12:58:18.0637 2876 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 12:58:18.0715 2876 upnphost - ok 12:58:18.0762 2876 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 12:58:18.0825 2876 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 12:58:18.0825 2876 USBAAPL - detected UnsignedFile.Multi.Generic (1) 12:58:18.0871 2876 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 12:58:18.0965 2876 usbaudio - ok 12:58:18.0981 2876 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 12:58:19.0043 2876 usbccgp - ok 12:58:19.0090 2876 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 
12:58:19.0199 2876 usbcir - ok 12:58:19.0199 2876 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 12:58:19.0246 2876 usbehci - ok 12:58:19.0261 2876 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 12:58:19.0293 2876 usbhub - ok 12:58:19.0308 2876 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 12:58:19.0371 2876 usbohci - ok 12:58:19.0402 2876 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 12:58:19.0417 2876 usbprint - ok 12:58:19.0480 2876 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:58:19.0527 2876 USBSTOR - ok 12:58:19.0542 2876 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 12:58:19.0558 2876 usbuhci - ok 12:58:19.0605 2876 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys 12:58:19.0698 2876 usbvideo - ok 12:58:19.0698 2876 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 12:58:19.0745 2876 UxSms - ok 12:58:19.0745 2876 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 12:58:19.0761 2876 VaultSvc - ok 12:58:19.0761 2876 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 12:58:19.0823 2876 vdrvroot - ok 12:58:19.0870 2876 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 12:58:19.0979 2876 vds - ok 12:58:20.0010 2876 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 12:58:20.0041 2876 vga - ok 12:58:20.0041 2876 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 12:58:20.0073 2876 VgaSave - ok 12:58:20.0104 2876 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 12:58:20.0182 2876 vhdmp - ok 12:58:20.0244 2876 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 12:58:20.0291 2876 viaagp - ok 12:58:20.0322 
2876 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 12:58:20.0353 2876 ViaC7 - ok 12:58:20.0385 2876 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 12:58:20.0400 2876 viaide - ok 12:58:20.0463 2876 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 12:58:20.0478 2876 vmbus - ok 12:58:20.0525 2876 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 12:58:20.0541 2876 VMBusHID - ok 12:58:20.0556 2876 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 12:58:20.0572 2876 volmgr - ok 12:58:20.0587 2876 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 12:58:20.0619 2876 volmgrx - ok 12:58:20.0665 2876 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 12:58:20.0681 2876 volsnap - ok 12:58:20.0728 2876 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 12:58:20.0743 2876 vsmraid - ok 12:58:20.0884 2876 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 12:58:20.0993 2876 VSS - ok 12:58:21.0009 2876 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 12:58:21.0040 2876 vwifibus - ok 12:58:21.0087 2876 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 12:58:21.0149 2876 W32Time - ok 12:58:21.0211 2876 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 12:58:21.0258 2876 WacomPen - ok 12:58:21.0274 2876 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 12:58:21.0321 2876 WANARP - ok 12:58:21.0321 2876 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 12:58:21.0352 2876 Wanarpv6 - ok 12:58:21.0789 2876 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 12:58:21.0945 2876 WatAdminSvc - ok 12:58:22.0506 2876 wbengine 
(691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 12:58:22.0693 2876 wbengine - ok 12:58:22.0725 2876 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 12:58:22.0771 2876 WbioSrvc - ok 12:58:22.0818 2876 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 12:58:22.0912 2876 wcncsvc - ok 12:58:22.0943 2876 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 12:58:23.0005 2876 WcsPlugInService - ok 12:58:23.0021 2876 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 12:58:23.0037 2876 Wd - ok 12:58:23.0052 2876 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 12:58:23.0099 2876 Wdf01000 - ok 12:58:23.0115 2876 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 12:58:23.0224 2876 WdiServiceHost - ok 12:58:23.0224 2876 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 12:58:23.0239 2876 WdiSystemHost - ok 12:58:23.0286 2876 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 12:58:23.0349 2876 WebClient - ok 12:58:23.0380 2876 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 12:58:23.0427 2876 Wecsvc - ok 12:58:23.0442 2876 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 12:58:23.0473 2876 wercplsupport - ok 12:58:23.0489 2876 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 12:58:23.0520 2876 WerSvc - ok 12:58:23.0520 2876 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 12:58:23.0551 2876 WfpLwf - ok 12:58:23.0567 2876 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 12:58:23.0583 2876 WIMMount - ok 12:58:23.0801 2876 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 12:58:23.0879 2876 WinDefend - ok 12:58:23.0879 2876 
WinHttpAutoProxySvc - ok 12:58:24.0113 2876 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 12:58:24.0191 2876 Winmgmt - ok 12:58:24.0487 2876 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 12:58:24.0628 2876 WinRM - ok 12:58:24.0690 2876 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys 12:58:24.0753 2876 WinUsb - ok 12:58:24.0799 2876 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 12:58:24.0877 2876 Wlansvc - ok 12:58:24.0893 2876 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 12:58:24.0909 2876 WmiAcpi - ok 12:58:24.0955 2876 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 12:58:25.0018 2876 wmiApSrv - ok 12:58:25.0205 2876 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 12:58:25.0314 2876 WMPNetworkSvc - ok 12:58:25.0751 2876 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 12:58:25.0860 2876 WPCSvc - ok 12:58:25.0876 2876 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 12:58:25.0938 2876 WPDBusEnum - ok 12:58:25.0969 2876 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 12:58:26.0047 2876 ws2ifsl - ok 12:58:26.0313 2876 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 12:58:26.0406 2876 wscsvc - ok 12:58:26.0422 2876 WSearch - ok 12:58:27.0108 2876 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 12:58:27.0217 2876 wuauserv - ok 12:58:27.0249 2876 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 12:58:27.0280 2876 WudfPf - ok 12:58:27.0342 2876 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:58:27.0405 2876 WUDFRd - ok 12:58:27.0420 2876 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 
12:58:27.0467 2876 wudfsvc - ok
12:58:27.0498 2876 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:58:27.0529 2876 WwanSvc - ok
12:58:27.0561 2876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
12:58:27.0607 2876 \Device\Harddisk1\DR1 - ok
12:58:27.0607 2876 Boot (0x1200) (783bad39f81ecc8c0008ad248c7b2803) \Device\Harddisk1\DR1\Partition0
12:58:27.0623 2876 \Device\Harddisk1\DR1\Partition0 - ok
12:58:27.0623 2876 ============================================================
12:58:27.0623 2876 Scan finished
12:58:27.0623 2876 ============================================================
12:58:27.0654 2788 Detected object count: 2
12:58:27.0654 2788 Actual detected object count: 2
13:00:07.0361 2788 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:07.0361 2788 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:00:07.0361 2788 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:07.0361 2788 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:00:11.0697 3208 Deinitialize success |