| |
| |||||||
Log-Analyse und Auswertung: Links (nicht nur aus Google) oft umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.10.2012, 23:07
| #1 |
 |  Links (nicht nur aus Google) oft umgeleitet Hallo, bei der Suche nach „Links umgeleitet“ hat mich Google hierher geführt. Kein Virenscanner hat bisher geholfen. Mangels Installations-DVD (alles war vorinstalliert) und mangels Zeit habe ich auch keine große Lust, eine Neuinstallation anzugehen. Nun habe ich gelesen, dass vielen, die mein Problem hatten, hier im Forum geholfen werden konnte. Also versuche ich es ebenfalls: Symptome: Die Probleme begannen etwa am 3. Oktober 2012. 1. Links in Firefox werden umgeleitet, manchmal gelegentlich, manchmal derselbe Link vielfach hintereinander. Nicht nur Links aus Google heraus sind betroffen, auch solche auf anderen Websites, sogar Links hier im Forum wurden bereits umgebogen. Ziel der Umleitung sind dem Anschein nach beliebige Seiten (auch viele seriöse), die über kaskadierte Umleitungen über mehrere Zwischenadressen erreicht werden. Aufgefallen ist mir dabei eine Häufung von beinhome.com als Zwischenstation. Aussagen zum Verhalten in IE kann ich nicht machen, da ich den nicht aktiv benutze (er ist aber installiert). 2. Der Rechner ist oft sehr langsam. Teilweise „hängt“ Firefox richtiggehend. Seit wenigen Tagen dauert auch das Starten von Windows gefühlt länger. Mir ist klar, dass das auch Ursachen haben kann, die mit einem/diesem Virus nichts zu tun haben. 3. Unten rechts erscheint ein Werbefenster. Es ist nur sehr selten aufgetaucht und seit einiger Zeit gar nicht mehr. Vielleicht hat sich dieser Teil bereits durch meine Versuche mit diversen Virenscannern erledigt? Soweit ich mich erinnere, sah das Fenster oft (oder immer) so aus, als handele es sich um ein AVG2012-Fenster mit der Bitte ein Update zu starten, das in den linken zwei Dritteln mit der fremden Werbung überschrieben war. Vielleicht war es tatsächlich ein Update-Fenster, in das sich ein Virus eingenistet hat? Versuche der Ursachensuche / Behebung: Ursache könnte (muss aber nicht) eine Email oder deren Anhang (*.txt) sein. Meine Tochter hat erstmalig (und nach intensiver Schulung hoffentlich auch letztmalig) die Email eines ihr unbekannten Absenders geöffnet. Den Anhang, eine txt-Datei hat sie angeblich nicht geöffnet, aber wer weiß... Leider haben wir die Email gelöscht, auch aus dem Papierkorb. 1. Scan mit AVG2013-free läuft häufig. Es ist mein Standard-Antivirus. Im ersten Screenshot (siehe unten) steht, was sich in Quarantäne befindet, wobei mir vor allem die ersten beiden Einträge (Java) Sorge machen. 2. Scan mit Ad-Aware Antivirus Im Rahmen der Fehlersuche habe ich Ad-Aware aktualisiert. Am 13.10.2012 um 20:37 hat Ad-Aware einen Trojaner in Quarantäne geschoben, siehe zweiten Screenshot im Anhang. Auch danach ist das Problem der umgeleiteten Links aber nicht behoben. 3. Gestern: Scan mit aktualisiertem Malwarebytes Anti-Malware, ohne Befund. Hier das Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.25.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Rahn :: RAHN-PC [Administrator] 25.10.2012 21:30:45 mbam-log-2012-10-25 (21-30-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 576376 Laufzeit: 2 Stunde(n), 22 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.03.10 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Rahn :: RAHN-PC [Administrator] 03.10.2012 23:31:57 mbam-log-2012-10-03 (23-31-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 248048 Laufzeit: 4 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1000\$RMFVMDV.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Anschließend: OTL runtergeladen, Quickscan mit unveränderten Voreinstellungen, hier die Logfiles: OTL.Txt Code:
ATTFilter OTL logfile created on: 10/26/2012 8:47:24 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rahn\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.41% Memory free 7.71 Gb Paging File | 6.17 Gb Available in Paging File | 79.94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148.72 Gb Total Space | 72.59 Gb Free Space | 48.81% Space Free | Partition Type: NTFS Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS Drive E: | 702.82 Mb Total Space | 279.13 Mb Free Space | 39.72% Space Free | Partition Type: UDF Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32 Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/26 20:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/08/29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe PRC - [2009/12/26 21:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe PRC - [2009/11/04 14:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/13 20:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/09/15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/08/30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2010/10/28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/10/12 18:15:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/10 17:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger) SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe -- (QuickPDFTCPService0721) SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012/08/30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV:64bit: - [2012/06/27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012/06/11 14:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2012/06/11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2012/06/11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips) DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs) DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE) DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/08/24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010/08/24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010/08/24 19:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2010/08/24 19:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2010/02/19 23:20:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010/02/19 23:20:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/12/09 11:37:38 | 001,794,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p2usbhum.sys -- (iComp) DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/10/26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/10 05:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={36A16EBE-AFF2-4590-8562-41CD939F210A}&mid=bb872b5b35763a2e304b32d37e468dee-781deff55d917d4aa273c96ed484bf73d9a24989&lang=de&ds=AVG&pr=fr&d=2011-10-03 13:49:47&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2 FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledAddons: facebook@disconnect.me:2.1.3 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0 FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5 FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5 FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:2.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/22 21:11:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/22 21:11:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 18:20:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/12 18:20:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 22:32:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions [2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/23 19:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions [2012/09/18 22:57:08 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2012/10/12 21:31:28 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011/10/31 20:26:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012/10/14 09:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012/09/15 17:32:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\ich@maltegoetz.de [2012/10/03 22:09:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2011/12/09 21:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\nostmp [2012/03/29 21:47:34 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\checkplaces@andyhalford.com.xpi [2012/07/24 09:16:36 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\facebook@disconnect.me.xpi [2012/02/24 19:56:52 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012/08/29 21:41:01 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012/07/25 23:10:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/11/02 00:11:32 | 000,002,101 | ---- | M] () -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\searchplugins\googlede.xml [2012/10/12 18:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/12 18:20:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/03 18:37:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/30 18:39:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/12 18:20:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/09/22 00:10:30 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.55.76.230 www.google-analytics.com. O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net. O1 - Hosts: 74.55.76.230 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (IqlurcIjlocn.dll) - File not found O29 - HKLM SecurityProviders - (IqlurcIjlocn.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ] O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/26 20:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe [2012/10/26 12:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/10/19 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Documents\Nokia Suite [2012/10/19 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\NokiaAccount [2012/10/19 21:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Nokia [2012/10/19 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\PC Suite [2012/10/19 21:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012/10/19 21:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012/10/19 21:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012/10/19 21:22:14 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012/10/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012/10/16 23:32:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Arensus [2012/10/16 23:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arensus-1.1.8 [2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\pics [2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pics [2012/10/16 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics [2012/10/16 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EclipseCrossword [2012/10/14 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\AVG2013 [2012/10/14 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software [2012/10/14 11:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\MFAData [2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Avg2013 [2012/10/12 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012/10/03 23:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2012/10/03 22:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012/10/03 22:11:20 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys [2012/10/03 22:11:18 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012/10/03 22:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012/10/03 22:09:55 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Downloaded Installations [2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\adawarebp [2012/10/03 22:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012/10/03 22:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012/10/03 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012/10/03 22:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\LavasoftStatistics [2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/26 20:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/26 20:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe [2012/10/26 20:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Rahn\defogger_reenable [2012/10/26 20:38:37 | 000,050,477 | ---- | M] () -- C:\Users\Rahn\Desktop\Defogger.exe [2012/10/26 18:20:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/26 18:20:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/26 18:13:23 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012/10/26 18:12:53 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/10/26 18:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/26 18:12:41 | 3106,123,776 | -HS- | M] () -- C:\hiberfil.sys [2012/10/26 12:56:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/10/21 22:59:56 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/21 22:59:56 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/21 22:59:56 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/21 22:59:56 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/21 22:59:56 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/20 20:19:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/19 21:24:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/10/16 23:43:40 | 000,000,130 | ---- | M] () -- C:\Windows\SysWow64\user.properties [2012/10/16 23:16:25 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe [2012/10/16 22:54:43 | 000,002,707 | ---- | M] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012/10/01 06:29:17 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/10/01 06:29:17 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/28 09:32:03 | 000,003,391 | ---- | M] () -- C:\Users\Rahn\.recently-used.xbel [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/26 20:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\defogger_reenable [2012/10/26 20:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Rahn\Desktop\Defogger.exe [2012/10/20 20:19:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/19 21:24:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/10/16 23:43:40 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\user.properties [2012/10/16 23:16:25 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2012/10/16 23:07:14 | 000,002,707 | ---- | C] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk [2012/10/16 22:54:43 | 000,002,707 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipseCrossword.lnk [2012/10/14 11:03:44 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/10/03 22:16:36 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012/09/28 09:32:03 | 000,003,391 | ---- | C] () -- C:\Users\Rahn\.recently-used.xbel [2011/12/25 23:15:09 | 000,141,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/25 00:22:04 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/06 20:20:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/10/06 20:20:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/09/29 01:20:01 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\AppData\Local\{F6DE5078-0F2D-4242-8C1E-CAE91E0F78CA} [2011/05/11 22:14:18 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/05/11 22:03:43 | 000,000,987 | ---- | C] () -- C:\Windows\CDPlayer.ini [2011/05/01 20:27:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/28 20:48:08 | 000,000,680 | RHS- | C] () -- C:\Users\Rahn\ntuser.pol [2011/03/13 21:00:22 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2011/02/27 21:03:32 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions [2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\Rahn\AppData\Roaming\Common [2011/02/12 20:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011/02/12 20:27:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance [2011/01/15 00:18:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011/01/14 23:42:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011/01/13 20:13:03 | 000,050,176 | ---- | C] () -- C:\Users\Rahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/10 23:31:06 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI [2011/01/10 23:27:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010/03/10 00:56:16 | 000,021,504 | ---- | C] () -- C:\Users\Rahn\AppData\Local\WebpageIcons.db [2010/03/04 01:44:40 | 000,007,604 | ---- | C] () -- C:\Users\Rahn\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/06/15 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AAV [2012/10/04 00:01:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Ad-Aware Antivirus [2012/10/14 11:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG2013 [2011/01/08 00:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG9 [2012/10/21 11:12:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\BOM [2010/02/19 22:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Bytemobile [2012/09/22 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\CheckPoint [2011/05/11 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\EAC [2011/02/04 01:11:59 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\gtk-2.0 [2010/04/08 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\HCM Updater [2011/02/02 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Leadertech [2011/03/05 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MAGIX [2012/10/20 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MusicBee [2011/02/12 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Nikon [2010/02/16 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\OpenOffice.org [2012/10/19 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PC Suite [2012/10/16 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\pics [2011/02/12 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PMortara [2012/10/18 23:01:10 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PrimoPDF [2010/02/26 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TheLastRipper [2010/12/23 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Thunderbird [2012/09/01 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TIPP10 [2012/10/14 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software [2012/09/30 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TV-Browser [2010/02/16 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Vodafone [2010/03/30 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\XnView [2011/09/28 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Zylum ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10/26/2012 8:47:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.41% Memory free
7.71 Gb Paging File | 6.17 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 72.59 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 279.13 Mb Free Space | 39.72% Space Free | Partition Type: UDF
Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E43CC6A-2E81-4FC4-9C99-BE68CFC24D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1289EAB9-EE32-4DF1-90A0-0EE387719A61}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BA2E8F3-6FD7-42A7-B9F2-1C8551F0BC2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323C0FCE-0453-4A1C-B380-49F0D885E947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34EC2051-072A-4905-B673-5197AFB979FD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37979EA0-570E-4BE3-A297-8B114A209373}" = rport=138 | protocol=17 | dir=out | app=system |
"{401E2B27-DC34-4E33-85E2-3B8C111955A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4686D8EB-B4FF-4E42-8944-B2E85692E177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CA99C9-5C2B-4233-830A-61B409CEC986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D758013-66A9-4AE2-B763-F079E5BC260D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2CDE4-2668-49F9-8FED-8C28E4105AD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68DAB730-12EC-494D-A199-14D4AE45900D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76F186C1-3921-414C-86D0-ED69E0B8BB0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861B8E48-77A0-41A8-8BBC-8EBF9BB56768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A9F948-8D9A-414D-A40D-FFFC02959C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93CC6058-EDC2-45EA-82BD-07269DB5275B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97CDA04-F69B-4769-B3DC-17E273D67A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99226E7-A26E-49B9-9C36-6BC8146A0FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C86769AF-EB28-4623-ABEA-5E7404AA09B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4FB36C3-EA3D-4CD6-8DBE-F3C66911F009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB408C7A-2809-4F9E-AC69-E3CCA934D096}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91F64E0-7CA5-49EC-B305-A4252A57531F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC120DC5-A31F-42C0-94F3-6A2993B88CC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED9BBE18-6043-47EE-9878-3860A96FE90D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDDF6A6-7530-455C-89E6-BDBF5D7332E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE490273-839D-4E98-83FC-FDAB481A961F}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D715-2320-4A69-8DEB-12B5711931B0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02E8C7B7-6628-444F-A243-5AC16DA5AB12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD7D0A1-E18D-4229-849E-343D1AFB51E1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0DA3E4F2-BC2A-4F33-846D-B1733D064E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1576B518-5438-4569-AB57-DEC482743BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{19B593A7-D08E-4074-A0DB-3036A1AFB329}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B9EA390-5B0A-49BD-AC5C-5F56C177DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{2059C339-6362-4D40-80DA-5A329353431D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{209AF53E-E815-4DBA-9AA6-85CEEA847B29}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2FBF0987-C816-433A-B3C3-B6970736FDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{36B9DC24-4D26-4AB9-8A5C-556B987AF981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{393089AB-6BF1-4BFD-B178-101CB85EBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3DA2B1C6-2AF5-463A-AE32-E0C0FC50FD6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43317FC3-9072-48C3-82A8-A9FAE59A5773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A5C8BE-819C-4EC5-BAC6-59457121FB46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4979E448-4D6C-4873-A940-E42A6A69290F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8B8109-83CD-4C26-A3FC-00F382051927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50EB2442-33A1-48A3-8427-8FBBFD78744B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58069457-4960-4378-AB09-2ADA12923734}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A61F0A5-5863-40AC-B079-51D0844E27EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5F3BA74D-15EF-491E-962E-8132FC87E78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E0284A-A011-4664-BEFB-76DDACB45561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB9AA37-4E94-4C58-81A9-090C1F134C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2C1411-0805-4520-87FE-072F6DEEAA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E720DB0-1F10-4121-A0C3-8ADEF9181B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9CD14B-E5CF-41AC-8516-ECFA5ABB8044}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F86D3A-B5E4-4B44-BC5C-2A1E21D69472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85EB56DC-91CC-4367-A271-3AE655F0143E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{88178ED1-0399-4831-8385-834A852FBA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CF77F5C-A12F-4CAD-A2BB-E9B028BB2BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DE8E72-03D9-4C47-9544-CA1B4D4ED266}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C5E9C8-EEAA-441F-BD98-A086C6510037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A967C49-E075-4125-9348-C167034413D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9AF51E8A-18EB-4351-8BB5-B15B95BF8313}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{9AF79CB2-443E-4AB4-B3E1-AE341AADE419}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D4452DF-0C76-42C3-A35D-3C64AE781339}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9D94C48E-33F1-4B8B-B7B3-D9000F1EF2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A29BB54A-E5E4-464B-98DB-46DE28D2D9D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A849018C-FB61-4ECB-9514-75316E15F405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B23F1DDA-152D-4F2D-998F-A106B2671ADC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBF90D7E-EBC9-4F04-BDF6-83549DC58B76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C945A7B4-B5E3-4EB2-9CD0-3E71823F109F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CDBEE2A0-C703-4AF2-B3DA-77356C7F1887}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D42507DE-7D2D-43A4-BD5D-9C7A9A2FF219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D56A5123-25E1-41F4-A410-3EFA863CAFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D578291B-57E1-4E28-854E-7D0082428D48}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{D6B8D9C6-A461-4119-BEDF-E99295D214EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DB4D0E9D-082E-4863-80D4-1D774649D539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE234E1A-FFA3-42B2-8646-A9D594967AEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0108B39-18F0-4F27-9A11-F37BD3AEC530}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E3F1EA17-9A4D-4625-8043-558E1927F9A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F1E4C6-B652-4DA1-87E5-9DF4564B24B4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E9B2B457-AC20-4FB1-81D9-E1F472EBE186}" = protocol=6 | dir=out | app=system |
"{EB292898-10CF-47A3-8546-0AF777B6D47D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F1090207-99A0-44C1-BBC0-C58697A3B2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FE4FE2A2-2382-4499-8039-4A75B6372426}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F5234F-C7FD-41B9-80D1-CB18F190490D}" = EclipseCrossword
"{67241932-507E-4DA7-9B25-2C856E2DE58C}" = DCIMImport 2.0.0.70
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cam4you utilities" = Cam4you utilities
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.8
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quick PDF Tools" = Quick PDF Tools 2.1.6.1
"ST6UNST #1" = SmartTrainer
"TerraTec G5" = TerraTec G5 V6.270.13.00
"TheLastRipper" = TheLastRipper 1.4
"TIPP10_is1" = TIPP10 Version 2.1.0
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/23/2012 9:09:22 AM | Computer Name = Rahn-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 4/23/2012 11:08:54 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/24/2012 12:15:35 PM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/25/2012 3:43:28 PM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/26/2012 9:28:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/27/2012 12:52:03 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/28/2012 3:35:42 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/29/2012 10:26:53 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/30/2012 3:49:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/30/2012 6:05:32 AM | Computer Name = Rahn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EasySpeedUpManager.exe, Version:
3.0.0.5, Zeitstempel: 0x4ad45055 Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000
ID
des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01cd26b8c616194b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 052c7555-92ac-11e1-a00c-00245442c190
[ System Events ]
Error - 10/26/2012 8:30:48 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/26/2012 12:12:53 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/26/2012 12:13:01 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/26/2012 12:13:53 PM | Computer Name = Rahn-PC | Source = DCOM | ID = 10005
Description =
Error - 10/26/2012 12:13:53 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Ad-Aware erreicht.
Error - 10/26/2012 12:13:53 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ad-Aware" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 10/26/2012 12:14:56 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/26/2012 2:39:09 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/26/2012 2:42:09 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/26/2012 2:51:10 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
< End of report >
Damit bin ich mit meinem Latein am Ende und bitte einen von Euch Experten um Hilfe. Schon mal vielen, vielen Dank !! |
|
27.10.2012, 07:29
| #2 | ||||
| /// Helfer-Team    | Links (nicht nur aus Google) oft umgeleitet Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Deinstalliere: Zitat:
kann es zu einem Systemabsturz kommen! Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten! Wichtig: Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen. Zitat:
erneut einen Systemscan mit OTL
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
kira
__________________ |
|
27.10.2012, 10:45
| #3 |
| | Links (nicht nur aus Google) oft umgeleitet Danke vielmals, kira, dass Du so schnell zur Hilfe geeilt bist!
__________________1. Ad-Aware ist jetzt deinstalliert. Ich hatte es ohnehin nur in der aktuellen Not installiert. Dann Rechner neu gestartet. 2. Mit OTL mit den angegebene Einstellungen gescannt: OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/27/2012 11:09:57 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rahn\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.92% Memory free 7.71 Gb Paging File | 6.25 Gb Available in Paging File | 81.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148.72 Gb Total Space | 74.80 Gb Free Space | 50.30% Space Free | Partition Type: NTFS Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32 Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/27 11:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/08/29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe PRC - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe PRC - [2009/12/26 21:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe PRC - [2009/11/04 14:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/13 20:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/09/15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/08/30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2010/10/28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/10/26 23:16:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/10 17:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger) SRV - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe -- (QuickPDFTCPService0721) SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012/08/30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV:64bit: - [2012/06/27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012/06/11 14:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2012/06/11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2012/06/11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/08/24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010/08/24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010/08/24 19:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2010/08/24 19:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2010/02/19 23:20:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010/02/19 23:20:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/12/09 11:37:38 | 001,794,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p2usbhum.sys -- (iComp) DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/10/26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/10 05:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={36A16EBE-AFF2-4590-8562-41CD939F210A}&mid=bb872b5b35763a2e304b32d37e468dee-781deff55d917d4aa273c96ed484bf73d9a24989&lang=de&ds=AVG&pr=fr&d=2011-10-03 13:49:47&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2 FF - prefs.js..extensions.enabledAddons: facebook@disconnect.me:2.1.3 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0 FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5 FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5 FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:2.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/22 21:11:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/22 21:11:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:16:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 23:15:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 22:32:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions [2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/23 19:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions [2012/09/18 22:57:08 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2012/10/12 21:31:28 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011/10/31 20:26:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012/10/14 09:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012/09/15 17:32:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\ich@maltegoetz.de [2012/10/03 22:09:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2011/12/09 21:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\nostmp [2012/03/29 21:47:34 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\checkplaces@andyhalford.com.xpi [2012/07/24 09:16:36 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\facebook@disconnect.me.xpi [2012/02/24 19:56:52 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012/08/29 21:41:01 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012/07/25 23:10:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/11/02 00:11:32 | 000,002,101 | ---- | M] () -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\searchplugins\googlede.xml [2012/10/26 23:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/26 23:16:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/03 18:37:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/30 18:39:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/12 18:20:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/09/22 00:10:30 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.55.76.230 www.google-analytics.com. O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net. O1 - Hosts: 74.55.76.230 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (IqlurcIjlocn.dll) - File not found O29 - HKLM SecurityProviders - (IqlurcIjlocn.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ] O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/26 23:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/26 20:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe [2012/10/26 12:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/10/19 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Documents\Nokia Suite [2012/10/19 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\NokiaAccount [2012/10/19 21:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Nokia [2012/10/19 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\PC Suite [2012/10/19 21:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012/10/19 21:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012/10/19 21:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012/10/19 21:22:14 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012/10/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012/10/16 23:32:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Arensus [2012/10/16 23:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arensus-1.1.8 [2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\pics [2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pics [2012/10/16 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics [2012/10/16 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EclipseCrossword [2012/10/14 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\AVG2013 [2012/10/14 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software [2012/10/14 11:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\MFAData [2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Avg2013 [2012/10/10 22:30:44 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/10/10 22:30:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/10/10 22:30:42 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/10/10 22:30:40 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/10 22:30:29 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/10 22:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012/10/03 22:09:55 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Downloaded Installations [2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\adawarebp [2012/10/03 22:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012/10/03 22:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012/10/03 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012/10/03 22:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\LavasoftStatistics [2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/27 11:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe [2012/10/27 11:07:27 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/27 11:07:27 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/27 11:00:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/10/27 10:59:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/27 10:59:56 | 3106,123,776 | -HS- | M] () -- C:\hiberfil.sys [2012/10/27 10:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/26 23:40:29 | 000,067,348 | ---- | M] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg [2012/10/26 23:39:59 | 000,110,109 | ---- | M] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg [2012/10/26 20:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Rahn\defogger_reenable [2012/10/26 20:38:37 | 000,050,477 | ---- | M] () -- C:\Users\Rahn\Desktop\Defogger.exe [2012/10/26 12:56:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/10/21 22:59:56 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/21 22:59:56 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/21 22:59:56 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/21 22:59:56 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/21 22:59:56 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/20 20:19:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/19 21:24:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/10/16 23:43:40 | 000,000,130 | ---- | M] () -- C:\Windows\SysWow64\user.properties [2012/10/16 23:16:25 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe [2012/10/16 22:54:43 | 000,002,707 | ---- | M] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk [2012/10/10 17:46:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/10 17:46:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012/10/01 06:29:17 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/10/01 06:29:17 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/28 09:32:03 | 000,003,391 | ---- | M] () -- C:\Users\Rahn\.recently-used.xbel [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/26 23:38:05 | 000,067,348 | ---- | C] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg [2012/10/26 23:36:57 | 000,110,109 | ---- | C] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg [2012/10/26 20:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\defogger_reenable [2012/10/26 20:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Rahn\Desktop\Defogger.exe [2012/10/20 20:19:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/19 21:24:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/10/16 23:43:40 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\user.properties [2012/10/16 23:16:25 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2012/10/16 23:07:14 | 000,002,707 | ---- | C] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk [2012/10/16 22:54:43 | 000,002,707 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipseCrossword.lnk [2012/10/14 11:03:44 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/09/28 09:32:03 | 000,003,391 | ---- | C] () -- C:\Users\Rahn\.recently-used.xbel [2011/12/25 23:15:09 | 000,141,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/25 00:22:04 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/06 20:20:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/10/06 20:20:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/09/29 01:20:01 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\AppData\Local\{F6DE5078-0F2D-4242-8C1E-CAE91E0F78CA} [2011/05/11 22:14:18 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/05/11 22:03:43 | 000,000,987 | ---- | C] () -- C:\Windows\CDPlayer.ini [2011/05/01 20:27:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/28 20:48:08 | 000,000,680 | RHS- | C] () -- C:\Users\Rahn\ntuser.pol [2011/03/13 21:00:22 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2011/02/27 21:03:32 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions [2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\Rahn\AppData\Roaming\Common [2011/02/12 20:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011/02/12 20:27:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance [2011/01/15 00:18:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011/01/14 23:42:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011/01/13 20:13:03 | 000,050,176 | ---- | C] () -- C:\Users\Rahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/10 23:31:06 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI [2011/01/10 23:27:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010/03/10 00:56:16 | 000,021,504 | ---- | C] () -- C:\Users\Rahn\AppData\Local\WebpageIcons.db [2010/03/04 01:44:40 | 000,007,604 | ---- | C] () -- C:\Users\Rahn\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/06/15 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AAV [2012/10/14 11:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG2013 [2011/01/08 00:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG9 [2012/10/21 11:12:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\BOM [2010/02/19 22:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Bytemobile [2012/09/22 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\CheckPoint [2011/05/11 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\EAC [2011/02/04 01:11:59 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\gtk-2.0 [2010/04/08 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\HCM Updater [2011/02/02 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Leadertech [2011/03/05 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MAGIX [2012/10/20 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MusicBee [2011/02/12 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Nikon [2010/02/16 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\OpenOffice.org [2012/10/19 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PC Suite [2012/10/16 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\pics [2011/02/12 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PMortara [2012/10/18 23:01:10 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PrimoPDF [2010/02/26 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TheLastRipper [2010/12/23 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Thunderbird [2012/09/01 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TIPP10 [2012/10/14 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software [2012/09/30 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TV-Browser [2010/02/16 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Vodafone [2010/03/30 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\XnView [2011/09/28 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Zylum ========== Purity Check ========== < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/27/2012 11:09:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.92% Memory free
7.71 Gb Paging File | 6.25 Gb Available in Paging File | 81.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 74.80 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E43CC6A-2E81-4FC4-9C99-BE68CFC24D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1289EAB9-EE32-4DF1-90A0-0EE387719A61}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BA2E8F3-6FD7-42A7-B9F2-1C8551F0BC2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323C0FCE-0453-4A1C-B380-49F0D885E947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34EC2051-072A-4905-B673-5197AFB979FD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37979EA0-570E-4BE3-A297-8B114A209373}" = rport=138 | protocol=17 | dir=out | app=system |
"{401E2B27-DC34-4E33-85E2-3B8C111955A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4686D8EB-B4FF-4E42-8944-B2E85692E177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CA99C9-5C2B-4233-830A-61B409CEC986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D758013-66A9-4AE2-B763-F079E5BC260D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2CDE4-2668-49F9-8FED-8C28E4105AD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68DAB730-12EC-494D-A199-14D4AE45900D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76F186C1-3921-414C-86D0-ED69E0B8BB0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861B8E48-77A0-41A8-8BBC-8EBF9BB56768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A9F948-8D9A-414D-A40D-FFFC02959C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93CC6058-EDC2-45EA-82BD-07269DB5275B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97CDA04-F69B-4769-B3DC-17E273D67A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99226E7-A26E-49B9-9C36-6BC8146A0FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C86769AF-EB28-4623-ABEA-5E7404AA09B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4FB36C3-EA3D-4CD6-8DBE-F3C66911F009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB408C7A-2809-4F9E-AC69-E3CCA934D096}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91F64E0-7CA5-49EC-B305-A4252A57531F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC120DC5-A31F-42C0-94F3-6A2993B88CC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED9BBE18-6043-47EE-9878-3860A96FE90D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDDF6A6-7530-455C-89E6-BDBF5D7332E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE490273-839D-4E98-83FC-FDAB481A961F}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D715-2320-4A69-8DEB-12B5711931B0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02E8C7B7-6628-444F-A243-5AC16DA5AB12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD7D0A1-E18D-4229-849E-343D1AFB51E1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0DA3E4F2-BC2A-4F33-846D-B1733D064E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1576B518-5438-4569-AB57-DEC482743BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{19B593A7-D08E-4074-A0DB-3036A1AFB329}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B9EA390-5B0A-49BD-AC5C-5F56C177DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{2059C339-6362-4D40-80DA-5A329353431D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{209AF53E-E815-4DBA-9AA6-85CEEA847B29}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2FBF0987-C816-433A-B3C3-B6970736FDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{36B9DC24-4D26-4AB9-8A5C-556B987AF981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{393089AB-6BF1-4BFD-B178-101CB85EBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3DA2B1C6-2AF5-463A-AE32-E0C0FC50FD6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43317FC3-9072-48C3-82A8-A9FAE59A5773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A5C8BE-819C-4EC5-BAC6-59457121FB46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4979E448-4D6C-4873-A940-E42A6A69290F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8B8109-83CD-4C26-A3FC-00F382051927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50EB2442-33A1-48A3-8427-8FBBFD78744B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58069457-4960-4378-AB09-2ADA12923734}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A61F0A5-5863-40AC-B079-51D0844E27EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5F3BA74D-15EF-491E-962E-8132FC87E78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E0284A-A011-4664-BEFB-76DDACB45561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB9AA37-4E94-4C58-81A9-090C1F134C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2C1411-0805-4520-87FE-072F6DEEAA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E720DB0-1F10-4121-A0C3-8ADEF9181B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9CD14B-E5CF-41AC-8516-ECFA5ABB8044}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F86D3A-B5E4-4B44-BC5C-2A1E21D69472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85EB56DC-91CC-4367-A271-3AE655F0143E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{88178ED1-0399-4831-8385-834A852FBA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CF77F5C-A12F-4CAD-A2BB-E9B028BB2BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DE8E72-03D9-4C47-9544-CA1B4D4ED266}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C5E9C8-EEAA-441F-BD98-A086C6510037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A967C49-E075-4125-9348-C167034413D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9AF51E8A-18EB-4351-8BB5-B15B95BF8313}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{9AF79CB2-443E-4AB4-B3E1-AE341AADE419}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D4452DF-0C76-42C3-A35D-3C64AE781339}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9D94C48E-33F1-4B8B-B7B3-D9000F1EF2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A29BB54A-E5E4-464B-98DB-46DE28D2D9D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A849018C-FB61-4ECB-9514-75316E15F405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B23F1DDA-152D-4F2D-998F-A106B2671ADC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBF90D7E-EBC9-4F04-BDF6-83549DC58B76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C945A7B4-B5E3-4EB2-9CD0-3E71823F109F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CDBEE2A0-C703-4AF2-B3DA-77356C7F1887}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D42507DE-7D2D-43A4-BD5D-9C7A9A2FF219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D56A5123-25E1-41F4-A410-3EFA863CAFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D578291B-57E1-4E28-854E-7D0082428D48}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{D6B8D9C6-A461-4119-BEDF-E99295D214EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DB4D0E9D-082E-4863-80D4-1D774649D539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE234E1A-FFA3-42B2-8646-A9D594967AEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0108B39-18F0-4F27-9A11-F37BD3AEC530}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E3F1EA17-9A4D-4625-8043-558E1927F9A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F1E4C6-B652-4DA1-87E5-9DF4564B24B4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E9B2B457-AC20-4FB1-81D9-E1F472EBE186}" = protocol=6 | dir=out | app=system |
"{EB292898-10CF-47A3-8546-0AF777B6D47D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F1090207-99A0-44C1-BBC0-C58697A3B2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FE4FE2A2-2382-4499-8039-4A75B6372426}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F5234F-C7FD-41B9-80D1-CB18F190490D}" = EclipseCrossword
"{67241932-507E-4DA7-9B25-2C856E2DE58C}" = DCIMImport 2.0.0.70
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cam4you utilities" = Cam4you utilities
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.8
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quick PDF Tools" = Quick PDF Tools 2.1.6.1
"ST6UNST #1" = SmartTrainer
"TerraTec G5" = TerraTec G5 V6.270.13.00
"TheLastRipper" = TheLastRipper 1.4
"TIPP10_is1" = TIPP10 Version 2.1.0
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/26/2012 9:28:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/27/2012 12:52:03 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/28/2012 3:35:42 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/29/2012 10:26:53 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/30/2012 3:49:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/30/2012 6:05:32 AM | Computer Name = Rahn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EasySpeedUpManager.exe, Version:
3.0.0.5, Zeitstempel: 0x4ad45055 Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000
ID
des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01cd26b8c616194b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 052c7555-92ac-11e1-a00c-00245442c190
Error - 4/30/2012 12:24:40 PM | Computer Name = Rahn-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 5/1/2012 4:00:45 AM | Computer Name = Rahn-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12e8 Startzeit:
01cd2770308885a6 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
ad428aba-9363-11e1-a07f-00245442c190
Error - 5/1/2012 4:57:12 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 5/2/2012 12:52:51 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 10/26/2012 5:42:26 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/26/2012 5:48:27 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/26/2012 6:17:40 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/27/2012 3:03:02 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/27/2012 3:04:20 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/27/2012 4:58:38 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/27/2012 5:00:17 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 10/27/2012 5:01:30 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/27/2012 5:10:31 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
Error - 10/27/2012 5:16:32 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
< End of report >
3. Liste aller installierten Programme, erstellt mit CCleaner: Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 07.01.2011 4,53MB 9.20.00.0 AAVUpdateManager Wolters Kluwer Deutschland GmbH 17.06.2012 32,0MB 18.00.0000 Ad-Aware Browsing Protection Lavasoft 03.10.2012 1.0.1.41 Adobe AIR Adobe Systems Incorporated 09.12.2011 3.1.0.4880 Adobe Download Manager NOS Microsystems Ltd. 09.12.2011 1.6.2.63 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.10.2012 6,00MB 11.4.402.287 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.10.2012 6,00MB 11.4.402.287 Adobe Reader X (10.1.1) Adobe Systems Incorporated 09.12.2011 114MB 10.1.1 Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 08.10.2012 121MB 10.1.4 Apple Application Support Apple Inc. 11.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 11.03.2012 24,9MB 5.1.1.4 Apple Software Update Apple Inc. 25.12.2011 2,38MB 2.1.3.127 Atheros Client Installation Program Atheros 15.12.2009 1.0.1.0805 AVG 2013 AVG Technologies 26.10.2012 2013.0.2742 BatteryLifeExtender Samsung 15.12.2009 14,2MB 1.0.1 Biet-O-Matic v2.14.8 BOM Development Team 27.02.2011 Biet-O-Matic v2.14.8 Bonjour Apple Inc. 25.12.2011 2,04MB 3.0.0.10 Cam4you utilities 24.12.2010 Canon iP2700 series Benutzerregistrierung 18.03.2012 Canon iP2700 series Printer Driver 18.03.2012 Canon Utilities Easy-PhotoPrint EX 18.03.2012 Canon Utilities My Printer 18.03.2012 CCleaner Piriform 24.10.2012 3.24 ChargeableUSB SAMSUNG 15.12.2009 1.0.0.0 Compatibility Pack für 2007 Office System Microsoft Corporation 10.10.2012 176MB 12.0.6612.1000 CyberLink DVD Suite CyberLink Corp. 15.12.2009 15,1MB 6.0.2806 CyberLink LabelPrint CyberLink Corp. 15.12.2009 163MB 2.5.1916 CyberLink Power2Go CyberLink Corp. 15.12.2009 120MB 6.0.3108a CyberLink PowerDirector CyberLink Corp. 15.12.2009 367MB 7.0.3213 CyberLink PowerDVD 8 CyberLink Corp. 15.12.2009 91,3MB 8.0.2815b CyberLink PowerProducer CyberLink Corp. 15.12.2009 297MB 5.0.1.1812 CyberLink YouCam CyberLink Corp. 04.02.2010 77,1MB 2.0.3304 DCIMImport 2.0.0.70 Lennart Jansson 12.02.2011 2,14MB 2.0.0.70 Debugging Tools for Windows (x64) Microsoft Corporation 03.02.2011 39,8MB 6.12.2.633 Die*Sims*Mittelalter Electronic Arts 24.12.2011 2.0.113 Easy Display Manager Samsung Electronics Co., Ltd. 03.02.2011 3.0 Easy Network Manager Samsung 15.12.2009 19,0MB 4.2.4 Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 04.02.2011 3.0.0.5 EasyBatteryManager Samsung 15.12.2009 4.0.0.3 EclipseCrossword Green Eclipse 16.10.2012 706KB 1.2.59 Exact Audio Copy 1.0beta1 Andre Wiethoff 11.05.2011 1.0beta1 FastStone Image Viewer 4.0 FastStone Soft 16.02.2010 4.0 FastStone Photo Resizer 2.9 FastStone Soft. 16.02.2010 2.9 File Uploader Nikon 12.02.2011 1,65MB 1.2.5 Firebird SQL Server - MAGIX Edition MAGIX AG 05.03.2011 10,1MB 2.1.27.0 Geheimakte Tunguska Deep Silver 18.02.2010 1.03.02 GIMP 2.6.8 04.03.2010 InfoBibliothek 2 Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH 17.06.2012 25,6MB 1.08.03.01 Intel(R) Rapid Storage Technology Intel Corporation 27.10.2012 9.5.4.1001 Intel(R) Turbo Boost Technology Driver Intel Corporation 07.02.2011 01.00.01.1002 iTunes Apple Inc. 16.04.2012 156MB 10.6.1.7 Java 7 Update 7 Oracle 31.08.2012 128MB 7.0.70 Logitech SetPoint 6.20 Logitech 02.02.2011 39,0MB 6.20.64 MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D) MAGIX AG 05.03.2011 7.0.3.8 MAGIX Online Druck Service MAGIX AG 05.03.2011 3.4.3.0 MAGIX Screenshare MAGIX AG 05.03.2011 4.3.6.1987 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 20.10.2012 19,4MB 1.65.1.1000 Marvell Miniport Driver Marvell 15.12.2009 11.22.3.3 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.12.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 25.12.2011 51,9MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 12.03.2012 7,95MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 11.03.2012 12.0.6612.1000 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.08.2012 140MB 12.0.6612.1000 Microsoft Silverlight Microsoft Corporation 24.05.2012 100MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.02.2010 1,72MB 3.1.0000 Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 19.09.2011 2,59MB 3.5.5692.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.01.2012 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.12.2011 300KB 8.0.56336 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 23.12.2010 2,01MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.02.2010 788KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 09.12.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 23.12.2010 600KB 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.12.2011 232KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.09.2011 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 09.12.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 11.03.2012 13,7MB 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2012 12,2MB 10.0.40219 Microsoft Windows Performance Toolkit Microsoft Corporation 03.02.2011 26,1MB 4.8.0 Microsoft Windows SDK for Windows 7 (7.1) Microsoft Corporation 03.02.2011 7.1.7600.0.30514 Microsoft WSE 3.0 Runtime Microsoft Corp. 24.12.2011 942KB 3.0.5305.0 MozBackup 1.4.10 Pavel Cvrcek 23.12.2010 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla 27.10.2012 39,4MB 16.0.2 Mozilla Maintenance Service Mozilla 27.10.2012 329KB 16.0.2 Mozilla Thunderbird 16.0.1 (x86 de) Mozilla 12.10.2012 40,8MB 16.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.01.2011 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.01.2011 1,33MB 4.20.9876.0 MusicBee Steven Mayall 06.01.2012 50,6MB 1.3.4334 MySQL Connector/ODBC 5.1 Oracle Corporation 05.02.2011 40,9MB 5.1.8 Nikon Message Center Nikon 12.02.2011 204KB 0.92.000 Nikon Transfer Nikon 12.02.2011 47,4MB 1.5.3 Nokia Connectivity Cable Driver Nokia 19.10.2012 3,95MB 7.1.92.0 NVIDIA Drivers NVIDIA Corporation 05.02.2011 1.10 OpenOffice.org 3.2 OpenOffice.org 26.12.2010 337MB 3.2.9502 PaperCut Print Logger 1.8 PaperCut Software Int. Pty. Ltd. 09.06.2012 1,29MB PC Connectivity Solution Nokia 19.10.2012 21,2MB 12.0.48.0 pdfsam 29.05.2012 2.2.1 PrimoPDF -- brought to you by Nitro PDF Software Nitro PDF Software 03.01.2011 5 Quick PDF Tools 2.1.6.1 Debenu 23.06.2012 2.1.6.1 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 17.03.2010 6.0.1.6003 REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 15.12.2009 1.01.0088 Samsung R-Series Samsung 15.12.2009 24,2MB 1.0 Samsung Recovery Solution 4 Samsung 15.12.2009 4.0.0.41 Samsung Support Center Samsung 15.12.2009 40,8MB 1.0.21 Samsung Update Plus Samsung Electronics Co., Ltd. 15.12.2009 2.0 SimCity 4 Deluxe 13.03.2011 Skype™ 5.10 Skype Technologies S.A. 05.09.2012 19,4MB 5.10.116 SmartTrainer 07.05.2011 Steuer-Spar-Erklärung Plus 2011 Akademische Arbeitsgemeinschaft Verlag 01.09.2011 320MB 16.14 Steuer-Spar-Erklärung Plus 2012 Wolters Kluwer Deutschland GmbH 17.06.2012 309MB 17.11 StreamTransport version: 1.0.2.2171 02.04.2012 Synaptics Pointing Device Driver Synaptics Incorporated 15.12.2009 14.0.10.0 TerraTec G5 V6.270.13.00 05.03.2011 6.270.13.00 TheLastRipper 1.4 TheLastRipper developer team 26.02.2010 1.4 TIPP10 Version 2.1.0 (c) 2006-2011, Tom Thielicke IT Solutions 09.12.2011 TV-Browser 3.2 TV-Browser Team 22.09.2012 3.2 User Guide 15.12.2009 1.0 VideoCam Suite 3.0 Panasonic Corporation 19.09.2011 3.00.031.1031 Visual C++ 8.0 Runtime Setup Package (x64) AVG Technologies CZ, s.r.o. 14.02.2010 2,23MB 9.0.0.623 Visual Studio 2008 x64 Redistributables AVG Technologies 03.10.2011 11,7MB 10.0.0.2 Visual Studio 2010 x64 Redistributables AVG Technologies 14.10.2012 12,4MB 13.0.0.1 VLC media player 2.0.1 VideoLAN 02.04.2012 2.0.1 Windows Live Anmelde-Assistent Microsoft Corporation 04.02.2010 1,93MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 05.02.2010 14.0.8089.0726 Windows Live Sync Microsoft Corporation 04.02.2010 2,79MB 14.0.8089.726 Windows Live-Uploadtool Microsoft Corporation 04.02.2010 224KB 14.0.8014.1029 Windows Movie Maker 2.6 Microsoft Corporation 27.01.2011 8,81MB 2.6.4037.0 Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Nokia 19.10.2012 05/31/2012 7.1.2.0 WinMerge 2.12.4 Thingamahoochie Software 02.01.2012 2.12.4 ZoneAlarm Free Firewall Check Point 22.09.2012 307MB 10.2.078.000 |
|
27.10.2012, 21:15
| #4 | ||
| /// Helfer-Team | Links (nicht nur aus Google) oft umgeleitet Systemreinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Soll (auch) deinstalliert werden!: Zitat:
Zitat:
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={36A16EBE-AFF2-4590-8562-41CD939F210A}&mid=bb872b5b35763a2e304b32d37e468dee-781deff55d917d4aa273c96ed484bf73d9a24989&lang=de&ds=AVG&pr=fr&d=2011-10-03 13:49:47&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Java prüfen ggf aktualisieren:-> klick hier! Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 4. Alle Programme/Fenster schließen Java-Cache leeren - sollte man öfters tun! Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK -> Wie leere ich den Java-Cache? -> Java-Cache leeren -> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann. 5. Aktualisieren: Code:
ATTFilter OpenOffice.org
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 7. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
8. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
9. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
29.10.2012, 22:59
| #5 |
| | Links (nicht nur aus Google) oft umgeleitet Hallo kira, Ich habe alle Schritte durchgearbeitet, mit den nachfolgenden Abweichungen und Beobachtungen. Das Wichtigste vorab: Die Umleitung der Links ist immer noch nicht ganz weg. Mir kommt es vor, als sei es weniger geworden, aber das kann auch eine Täuschung sein. zu Schritt 2 (Fixen mit OTL): Du schreibst, es sollen dabei alle Programme geschlossen sein. Ich hatte versehentlich, während OTL den Fix ausführte, für etwa die erste Minute Firefox mit diesem Thread geöffnet, alle anderen Programme waren geschlossen. Dann habe ich auch Firefox geschlossen. Ist das ein Problem für die Reparatur? Der Rest lief wie beschrieben, inkl. Reboot. Hier der Log vom OTL-Fix: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18eee-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18eee-432d-11df-aca2-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18ef1-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18ef1-432d-11df-aca2-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2c-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2c-1e69-11df-8691-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2f-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2f-1e69-11df-8691-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa5-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa5-1d94-11df-be36-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa9-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa9-1d94-11df-be36-00245442c190}\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Rahn\Desktop\cmd.bat deleted successfully.
C:\Users\Rahn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kids
->Temp folder emptied: 10252603 bytes
->Temporary Internet Files folder emptied: 9291529 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 206651591 bytes
->Flash cache emptied: 5864 bytes
User: Public
User: Rahn
->Temp folder emptied: 2039746229 bytes
->Temporary Internet Files folder emptied: 214241728 bytes
->Java cache emptied: 2192294 bytes
->FireFox cache emptied: 384356325 bytes
->Flash cache emptied: 198831 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 432666048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46425962 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 4039631882 bytes
Total Files Cleaned = 7,044.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10282012_121000
Files\Folders moved on Reboot...
C:\Users\Rahn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rahn\AppData\Local\Temp\~DF7D5AECA222AC67BB.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT058b8.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
8. ESET online Scan: "No threads found", auch kein Logfile. 9. OTL-Scan: OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/28/2012 6:07:11 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rahn\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 47.95% Memory free 7.71 Gb Paging File | 6.06 Gb Available in Paging File | 78.57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148.72 Gb Total Space | 77.72 Gb Free Space | 52.26% Space Free | Partition Type: NTFS Drive D: | 301.95 Gb Total Space | 114.14 Gb Free Space | 37.80% Space Free | Partition Type: NTFS Drive F: | 931.28 Gb Total Space | 764.41 Gb Free Space | 82.08% Space Free | Partition Type: FAT32 Drive U: | 67.09 Gb Total Space | 45.09 Gb Free Space | 67.21% Space Free | Partition Type: NTFS Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/27 10:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe PRC - [2012/10/26 22:16:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/10/10 13:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012/08/29 15:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/08/29 14:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/14 13:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe PRC - [2010/08/13 11:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe PRC - [2009/12/26 20:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe PRC - [2009/11/04 13:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008/10/24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012/10/26 22:16:01 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/08/30 12:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2010/10/28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/10/26 22:16:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/10 16:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/08/29 15:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/14 13:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger) SRV - [2010/08/13 11:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe -- (QuickPDFTCPService0721) SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) SRV - [2008/10/24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012/09/21 02:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012/09/13 02:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012/08/30 12:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV:64bit: - [2012/06/27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012/06/11 13:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2012/06/11 13:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2012/06/11 13:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012/06/11 13:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012/06/11 13:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/13 02:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/05/07 16:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/08/24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010/08/24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010/08/24 18:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2010/08/24 18:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2010/02/19 22:20:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010/02/19 22:20:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/12/09 10:37:38 | 001,794,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p2usbhum.sys -- (iComp) DRV:64bit: - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009/06/27 15:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/08/25 13:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2 FF - prefs.js..extensions.enabledAddons: facebook@disconnect.me:2.1.3 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0 FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5 FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5 FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:2.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/22 20:11:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/22 20:11:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 22:16:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 22:15:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 21:32:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2010/12/23 13:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions [2010/12/23 13:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/23 18:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions [2012/09/18 21:57:08 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2012/10/12 20:31:28 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011/10/31 19:26:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012/10/14 08:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012/09/15 16:32:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\ich@maltegoetz.de [2012/10/03 21:09:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2011/12/09 20:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\nostmp [2012/03/29 20:47:34 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\checkplaces@andyhalford.com.xpi [2012/07/24 08:16:36 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\facebook@disconnect.me.xpi [2012/02/24 18:56:52 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012/08/29 20:41:01 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012/07/25 22:10:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/11/01 23:11:32 | 000,002,101 | ---- | M] () -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\searchplugins\googlede.xml [2012/10/26 22:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/26 22:16:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/03 17:37:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/30 17:39:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/12 17:20:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/09/21 23:10:30 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.55.76.230 www.google-analytics.com. O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net. O1 - Hosts: 74.55.76.230 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (IqlurcIjlocn.dll) - File not found O29 - HKLM SecurityProviders - (IqlurcIjlocn.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/28 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/10/28 13:01:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/10/28 13:01:45 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/10/28 13:01:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/10/28 13:01:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/10/28 13:01:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/10/28 13:01:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/10/28 13:01:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/10/28 13:01:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/10/28 13:01:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/10/28 13:01:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/10/28 13:01:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/10/28 13:01:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/10/28 13:01:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/10/28 13:01:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/10/28 13:01:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/10/28 13:01:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/28 13:01:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/28 13:01:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/10/28 13:01:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/10/28 13:01:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/10/28 13:01:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/10/28 13:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/10/28 13:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/10/28 13:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/10/28 13:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/10/28 13:01:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/10/28 13:01:35 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/10/28 13:01:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012/10/28 13:01:33 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/10/28 13:01:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012/10/28 13:01:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012/10/28 13:01:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012/10/28 12:46:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/10/28 12:46:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/10/28 12:46:07 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/10/28 12:10:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/27 10:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/10/27 10:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/10/26 22:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/26 19:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe [2012/10/26 11:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/10/19 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Documents\Nokia Suite [2012/10/19 20:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\NokiaAccount [2012/10/19 20:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Nokia [2012/10/19 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\PC Suite [2012/10/19 20:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012/10/19 20:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012/10/19 20:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012/10/19 20:22:14 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012/10/19 20:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012/10/19 20:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012/10/19 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012/10/16 22:32:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Arensus [2012/10/16 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arensus-1.1.8 [2012/10/16 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\pics [2012/10/16 22:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pics [2012/10/16 22:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics [2012/10/16 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EclipseCrossword [2012/10/14 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\AVG2013 [2012/10/14 10:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software [2012/10/14 10:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/10/14 08:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\MFAData [2012/10/14 08:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Avg2013 [2012/10/10 21:30:44 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/10/10 21:30:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/10/10 21:30:42 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/10/10 21:30:40 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/10 21:30:29 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/10 21:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/10/05 02:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012/10/03 21:09:55 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Downloaded Installations [2012/10/03 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012/10/03 21:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012/10/03 21:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012/10/03 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\LavasoftStatistics [2012/10/02 02:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/28 17:46:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/28 15:54:15 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/28 15:54:15 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/28 15:54:15 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/28 15:54:15 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/28 15:54:15 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/28 13:45:26 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/28 13:45:26 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/28 13:37:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/10/28 13:37:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/28 13:37:42 | 3106,123,776 | -HS- | M] () -- C:\hiberfil.sys [2012/10/28 13:06:42 | 000,396,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/10/27 16:46:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2012/10/27 10:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe [2012/10/26 22:40:29 | 000,067,348 | ---- | M] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg [2012/10/26 22:39:59 | 000,110,109 | ---- | M] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg [2012/10/26 19:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Rahn\defogger_reenable [2012/10/26 19:38:37 | 000,050,477 | ---- | M] () -- C:\Users\Rahn\Desktop\Defogger.exe [2012/10/26 11:56:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/10/20 19:19:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/19 20:24:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/10/16 22:43:40 | 000,000,130 | ---- | M] () -- C:\Windows\SysWow64\user.properties [2012/10/16 22:16:25 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe [2012/10/16 21:54:43 | 000,002,707 | ---- | M] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk [2012/10/10 16:46:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/10 16:46:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012/10/01 05:29:17 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/10/01 05:29:17 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/26 22:38:05 | 000,067,348 | ---- | C] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg [2012/10/26 22:36:57 | 000,110,109 | ---- | C] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg [2012/10/26 19:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\defogger_reenable [2012/10/26 19:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Rahn\Desktop\Defogger.exe [2012/10/20 19:19:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/19 20:24:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/10/16 22:43:40 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\user.properties [2012/10/16 22:16:25 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2012/10/16 22:07:14 | 000,002,707 | ---- | C] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk [2012/10/16 21:54:43 | 000,002,707 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipseCrossword.lnk [2012/10/14 10:03:44 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/09/28 08:32:03 | 000,003,391 | ---- | C] () -- C:\Users\Rahn\.recently-used.xbel [2011/12/25 22:15:09 | 000,141,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/24 23:22:04 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/06 19:20:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/10/06 19:20:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/09/29 00:20:01 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\AppData\Local\{F6DE5078-0F2D-4242-8C1E-CAE91E0F78CA} [2011/05/11 21:14:18 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/05/11 21:03:43 | 000,000,987 | ---- | C] () -- C:\Windows\CDPlayer.ini [2011/05/01 19:27:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/28 19:48:08 | 000,000,680 | RHS- | C] () -- C:\Users\Rahn\ntuser.pol [2011/03/13 20:00:22 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2011/02/27 20:03:32 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011/02/12 19:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions [2011/02/12 19:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\Rahn\AppData\Roaming\Common [2011/02/12 19:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011/02/12 19:27:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance [2011/01/14 23:18:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011/01/14 22:42:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011/01/13 19:13:03 | 000,050,176 | ---- | C] () -- C:\Users\Rahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/10 22:31:06 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI [2011/01/10 22:27:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010/03/09 23:56:16 | 000,021,504 | ---- | C] () -- C:\Users\Rahn\AppData\Local\WebpageIcons.db [2010/03/04 00:44:40 | 000,007,604 | ---- | C] () -- C:\Users\Rahn\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/06/15 22:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AAV [2012/10/14 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG2013 [2011/01/07 23:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG9 [2012/10/21 10:12:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\BOM [2010/02/19 21:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Bytemobile [2012/09/22 20:11:50 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\CheckPoint [2011/05/11 21:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\EAC [2011/02/04 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\gtk-2.0 [2010/04/08 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\HCM Updater [2011/02/02 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Leadertech [2011/03/05 13:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MAGIX [2012/10/20 17:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MusicBee [2011/02/12 19:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Nikon [2010/02/16 22:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\OpenOffice.org [2012/10/19 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PC Suite [2012/10/16 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\pics [2011/02/12 21:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PMortara [2012/10/18 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PrimoPDF [2010/02/25 23:09:53 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TheLastRipper [2010/12/23 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Thunderbird [2012/09/01 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TIPP10 [2012/10/14 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software [2012/09/30 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TV-Browser [2010/02/16 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Vodafone [2010/03/30 07:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\XnView [2011/09/28 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Zylum ========== Purity Check ========== < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/28/2012 6:07:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 47.95% Memory free
7.71 Gb Paging File | 6.06 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 77.72 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 114.14 Gb Free Space | 37.80% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 764.41 Gb Free Space | 82.08% Space Free | Partition Type: FAT32
Drive U: | 67.09 Gb Total Space | 45.09 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E43CC6A-2E81-4FC4-9C99-BE68CFC24D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1289EAB9-EE32-4DF1-90A0-0EE387719A61}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BA2E8F3-6FD7-42A7-B9F2-1C8551F0BC2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323C0FCE-0453-4A1C-B380-49F0D885E947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34EC2051-072A-4905-B673-5197AFB979FD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37979EA0-570E-4BE3-A297-8B114A209373}" = rport=138 | protocol=17 | dir=out | app=system |
"{401E2B27-DC34-4E33-85E2-3B8C111955A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4686D8EB-B4FF-4E42-8944-B2E85692E177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CA99C9-5C2B-4233-830A-61B409CEC986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D758013-66A9-4AE2-B763-F079E5BC260D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2CDE4-2668-49F9-8FED-8C28E4105AD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68DAB730-12EC-494D-A199-14D4AE45900D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76F186C1-3921-414C-86D0-ED69E0B8BB0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861B8E48-77A0-41A8-8BBC-8EBF9BB56768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A9F948-8D9A-414D-A40D-FFFC02959C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93CC6058-EDC2-45EA-82BD-07269DB5275B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97CDA04-F69B-4769-B3DC-17E273D67A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99226E7-A26E-49B9-9C36-6BC8146A0FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C86769AF-EB28-4623-ABEA-5E7404AA09B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4FB36C3-EA3D-4CD6-8DBE-F3C66911F009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB408C7A-2809-4F9E-AC69-E3CCA934D096}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91F64E0-7CA5-49EC-B305-A4252A57531F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC120DC5-A31F-42C0-94F3-6A2993B88CC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED9BBE18-6043-47EE-9878-3860A96FE90D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDDF6A6-7530-455C-89E6-BDBF5D7332E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE490273-839D-4E98-83FC-FDAB481A961F}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D715-2320-4A69-8DEB-12B5711931B0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02E8C7B7-6628-444F-A243-5AC16DA5AB12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD7D0A1-E18D-4229-849E-343D1AFB51E1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1576B518-5438-4569-AB57-DEC482743BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{19B593A7-D08E-4074-A0DB-3036A1AFB329}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B9EA390-5B0A-49BD-AC5C-5F56C177DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{209AF53E-E815-4DBA-9AA6-85CEEA847B29}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2FBF0987-C816-433A-B3C3-B6970736FDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{36B9DC24-4D26-4AB9-8A5C-556B987AF981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{393089AB-6BF1-4BFD-B178-101CB85EBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3DA2B1C6-2AF5-463A-AE32-E0C0FC50FD6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43317FC3-9072-48C3-82A8-A9FAE59A5773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A5C8BE-819C-4EC5-BAC6-59457121FB46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4979E448-4D6C-4873-A940-E42A6A69290F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8B8109-83CD-4C26-A3FC-00F382051927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50EB2442-33A1-48A3-8427-8FBBFD78744B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58069457-4960-4378-AB09-2ADA12923734}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5F3BA74D-15EF-491E-962E-8132FC87E78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E0284A-A011-4664-BEFB-76DDACB45561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB9AA37-4E94-4C58-81A9-090C1F134C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2C1411-0805-4520-87FE-072F6DEEAA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E720DB0-1F10-4121-A0C3-8ADEF9181B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9CD14B-E5CF-41AC-8516-ECFA5ABB8044}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F86D3A-B5E4-4B44-BC5C-2A1E21D69472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88178ED1-0399-4831-8385-834A852FBA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CF77F5C-A12F-4CAD-A2BB-E9B028BB2BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DE8E72-03D9-4C47-9544-CA1B4D4ED266}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C5E9C8-EEAA-441F-BD98-A086C6510037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A967C49-E075-4125-9348-C167034413D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9AF51E8A-18EB-4351-8BB5-B15B95BF8313}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{9AF79CB2-443E-4AB4-B3E1-AE341AADE419}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D94C48E-33F1-4B8B-B7B3-D9000F1EF2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A849018C-FB61-4ECB-9514-75316E15F405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B23F1DDA-152D-4F2D-998F-A106B2671ADC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDBEE2A0-C703-4AF2-B3DA-77356C7F1887}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D42507DE-7D2D-43A4-BD5D-9C7A9A2FF219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D578291B-57E1-4E28-854E-7D0082428D48}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{D6B8D9C6-A461-4119-BEDF-E99295D214EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DB4D0E9D-082E-4863-80D4-1D774649D539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE234E1A-FFA3-42B2-8646-A9D594967AEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0108B39-18F0-4F27-9A11-F37BD3AEC530}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E3F1EA17-9A4D-4625-8043-558E1927F9A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F1E4C6-B652-4DA1-87E5-9DF4564B24B4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E9B2B457-AC20-4FB1-81D9-E1F472EBE186}" = protocol=6 | dir=out | app=system |
"{F1090207-99A0-44C1-BBC0-C58697A3B2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FE4FE2A2-2382-4499-8039-4A75B6372426}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F5234F-C7FD-41B9-80D1-CB18F190490D}" = EclipseCrossword
"{67241932-507E-4DA7-9B25-2C856E2DE58C}" = DCIMImport 2.0.0.70
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cam4you utilities" = Cam4you utilities
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.8
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quick PDF Tools" = Quick PDF Tools 2.1.6.1
"ST6UNST #1" = SmartTrainer
"TerraTec G5" = TerraTec G5 V6.270.13.00
"TheLastRipper" = TheLastRipper 1.4
"TIPP10_is1" = TIPP10 Version 2.1.0
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/25/2012 3:43:28 PM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/26/2012 9:28:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/27/2012 12:52:03 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/28/2012 3:35:42 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/29/2012 10:26:53 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/30/2012 3:49:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/30/2012 6:05:32 AM | Computer Name = Rahn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EasySpeedUpManager.exe, Version:
3.0.0.5, Zeitstempel: 0x4ad45055 Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000
ID
des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01cd26b8c616194b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 052c7555-92ac-11e1-a00c-00245442c190
Error - 4/30/2012 12:24:40 PM | Computer Name = Rahn-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 5/1/2012 4:00:45 AM | Computer Name = Rahn-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12e8 Startzeit:
01cd2770308885a6 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
ad428aba-9363-11e1-a07f-00245442c190
Error - 5/1/2012 4:57:12 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 10/28/2012 7:18:46 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 10/28/2012 8:05:11 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/28/2012 8:07:57 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/28/2012 8:08:05 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/28/2012 8:08:11 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 10/28/2012 8:36:28 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/28/2012 8:37:56 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10/28/2012 8:37:56 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 10/28/2012 8:40:28 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 10/28/2012 8:40:28 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Was kann ich noch tun? Auf jeden Fall Danke für die Hilfe! |
|
30.10.2012, 06:34
| #6 |
| /// Helfer-Team | Links (nicht nur aus Google) oft umgeleitet adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Links (nicht nur aus Google) oft umgeleitet |
|
30.10.2012, 22:32
| #7 |
| | Links (nicht nur aus Google) oft umgeleitet Hier der Log von adwcleaner/Search: Code:
ATTFilter # AdwCleaner v2.006 - Datei am 30/10/2012 um 22:28:03 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Rahn - RAHN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rahn\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Kids\AppData\LocalLow\AVG Secure Search
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\Software\Software
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profilname : default
Datei : C:\Users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Profilname : default
Datei : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\3wcmn3nh.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("browser.search.selectedEngine", "AVG Secure Search");
*************************
AdwCleaner[R1].txt - [3674 octets] - [30/10/2012 22:28:03]
########## EOF - C:\AdwCleaner[R1].txt - [3734 octets] ##########
Danke für jeden weiteren Hinweis! |
|
30.10.2012, 22:56
| #8 |
| /// Helfer-Team | Links (nicht nur aus Google) oft umgeleitet adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
wie sieht jetzt aus? ► nur mit dem Firefox hast Du probleme, oder besteht das Problem mit Internet Explorer auch?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
31.10.2012, 18:48
| #9 |
| | Links (nicht nur aus Google) oft umgeleitet adwcleaner ist gelaufen, hier das Logfile: Code:
ATTFilter # AdwCleaner v2.006 - Datei am 30/10/2012 um 23:00:49 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Rahn - RAHN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rahn\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Kids\AppData\LocalLow\AVG Secure Search
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profilname : default
Datei : C:\Users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\prefs.js
C:\Users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Profilname : default
Datei : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\3wcmn3nh.default\prefs.js
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");
*************************
AdwCleaner[S1].txt - [3774 octets] - [30/10/2012 23:00:49]
########## EOF - C:\AdwCleaner[S1].txt - [3834 octets] ##########
Ich füge einen Screenshot des Werbefensters an, denn trotz des sehr unterschiedlichen Inhalts ist die Größe des Fensters und das Layout des "X" rechts oben immer gleich. Vielleicht hilft das bei der Einordnung der Ursache. |
|
01.11.2012, 06:20
| #10 |
| /// Helfer-Team | Links (nicht nur aus Google) oft umgeleitet TDSSKiller von Kaspersky Wichtig:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
03.11.2012, 15:47
| #11 |
| | Links (nicht nur aus Google) oft umgeleitet TDSSKiller hat nichts gefunden. Hier das Logfile. Ich habe in einem zweiten Scan außerdem den Haken bei "Loaded modules" gesezt, aber auch der Scan hat nichts ergeben. Code:
ATTFilter 15:28:30.0580 4456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:28:30.0767 4456 ============================================================
15:28:30.0767 4456 Current date / time: 2012/11/03 15:28:30.0767
15:28:30.0767 4456 SystemInfo:
15:28:30.0767 4456
15:28:30.0767 4456 OS Version: 6.1.7600 ServicePack: 0.0
15:28:30.0767 4456 Product type: Workstation
15:28:30.0767 4456 ComputerName: RAHN-PC
15:28:30.0783 4456 UserName: Rahn
15:28:30.0783 4456 Windows directory: C:\Windows
15:28:30.0783 4456 System windows directory: C:\Windows
15:28:30.0783 4456 Running under WOW64
15:28:30.0783 4456 Processor architecture: Intel x64
15:28:30.0783 4456 Number of processors: 4
15:28:30.0783 4456 Page size: 0x1000
15:28:30.0783 4456 Boot type: Normal boot
15:28:30.0783 4456 ============================================================
15:28:31.0344 4456 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:31.0360 4456 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:31.0859 4456 ============================================================
15:28:31.0859 4456 \Device\Harddisk0\DR0:
15:28:31.0859 4456 MBR partitions:
15:28:31.0859 4456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:28:31.0859 4456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1296F000
15:28:31.0859 4456 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x147A1800, BlocksNum 0x25BE4000
15:28:31.0859 4456 \Device\Harddisk1\DR1:
15:28:31.0859 4456 MBR partitions:
15:28:31.0859 4456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
15:28:31.0859 4456 ============================================================
15:28:31.0906 4456 C: <-> \Device\Harddisk0\DR0\Partition2
15:28:31.0937 4456 D: <-> \Device\Harddisk0\DR0\Partition3
15:28:31.0937 4456 F: <-> \Device\Harddisk1\DR1\Partition1
15:28:31.0937 4456 ============================================================
15:28:31.0937 4456 Initialize success
15:28:31.0937 4456 ============================================================
15:28:55.0899 4184 ============================================================
15:28:55.0899 4184 Scan started
15:28:55.0899 4184 Mode: Manual;
15:28:55.0899 4184 ============================================================
15:28:56.0507 4184 ================ Scan system memory ========================
15:28:56.0507 4184 System memory - ok
15:28:56.0507 4184 ================ Scan services =============================
15:28:56.0757 4184 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:28:56.0757 4184 1394ohci - ok
15:28:56.0913 4184 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
15:28:56.0913 4184 AAV UpdateService - ok
15:28:56.0959 4184 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
15:28:56.0975 4184 ACPI - ok
15:28:57.0006 4184 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
15:28:57.0006 4184 AcpiPmi - ok
15:28:57.0131 4184 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:28:57.0131 4184 AdobeARMservice - ok
15:28:57.0318 4184 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:28:57.0318 4184 AdobeFlashPlayerUpdateSvc - ok
15:28:57.0381 4184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:28:57.0396 4184 adp94xx - ok
15:28:57.0459 4184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:28:57.0459 4184 adpahci - ok
15:28:57.0505 4184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:28:57.0505 4184 adpu320 - ok
15:28:57.0552 4184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:28:57.0552 4184 AeLookupSvc - ok
15:28:57.0615 4184 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
15:28:57.0630 4184 AFD - ok
15:28:57.0677 4184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
15:28:57.0677 4184 agp440 - ok
15:28:57.0708 4184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:28:57.0708 4184 ALG - ok
15:28:57.0739 4184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
15:28:57.0739 4184 aliide - ok
15:28:57.0771 4184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
15:28:57.0771 4184 amdide - ok
15:28:57.0802 4184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:28:57.0802 4184 AmdK8 - ok
15:28:57.0833 4184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:28:57.0833 4184 AmdPPM - ok
15:28:57.0880 4184 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:28:57.0880 4184 amdsata - ok
15:28:57.0911 4184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:28:57.0911 4184 amdsbs - ok
15:28:57.0942 4184 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:28:57.0942 4184 amdxata - ok
15:28:57.0973 4184 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
15:28:57.0989 4184 AppID - ok
15:28:58.0005 4184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:28:58.0020 4184 AppIDSvc - ok
15:28:58.0036 4184 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
15:28:58.0051 4184 Appinfo - ok
15:28:58.0129 4184 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:28:58.0129 4184 Apple Mobile Device - ok
15:28:58.0176 4184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:28:58.0176 4184 arc - ok
15:28:58.0192 4184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:28:58.0192 4184 arcsas - ok
15:28:58.0348 4184 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:28:58.0348 4184 aspnet_state - ok
15:28:58.0395 4184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:28:58.0395 4184 AsyncMac - ok
15:28:58.0426 4184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
15:28:58.0426 4184 atapi - ok
15:28:58.0535 4184 [ 3D68A1EEF77307142636AF5127990BCB ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:28:58.0613 4184 athr - ok
15:28:58.0675 4184 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
15:28:58.0691 4184 atksgt - ok
15:28:58.0738 4184 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:28:58.0753 4184 AudioEndpointBuilder - ok
15:28:58.0769 4184 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:28:58.0769 4184 AudioSrv - ok
15:28:59.0003 4184 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:28:59.0143 4184 AVGIDSAgent - ok
15:28:59.0206 4184 [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:28:59.0221 4184 AVGIDSDriver - ok
15:28:59.0299 4184 [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
15:28:59.0299 4184 AVGIDSHA - ok
15:28:59.0362 4184 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
15:28:59.0377 4184 Avgldx64 - ok
15:28:59.0424 4184 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
15:28:59.0424 4184 Avgloga - ok
15:28:59.0487 4184 [ EAFF19168F26FA225EB679547B718051 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
15:28:59.0487 4184 Avgmfx64 - ok
15:28:59.0549 4184 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
15:28:59.0549 4184 Avgrkx64 - ok
15:28:59.0627 4184 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
15:28:59.0627 4184 Avgtdia - ok
15:28:59.0721 4184 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:28:59.0721 4184 avgwd - ok
15:28:59.0845 4184 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:28:59.0845 4184 AxInstSV - ok
15:28:59.0908 4184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:28:59.0923 4184 b06bdrv - ok
15:28:59.0955 4184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:28:59.0955 4184 b57nd60a - ok
15:29:00.0001 4184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:29:00.0001 4184 BDESVC - ok
15:29:00.0017 4184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:29:00.0017 4184 Beep - ok
15:29:00.0095 4184 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
15:29:00.0095 4184 BFE - ok
15:29:00.0126 4184 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe
15:29:00.0126 4184 bgsvcgen - ok
15:29:00.0189 4184 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
15:29:00.0204 4184 BITS - ok
15:29:00.0251 4184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:29:00.0251 4184 blbdrive - ok
15:29:00.0345 4184 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:29:00.0360 4184 Bonjour Service - ok
15:29:00.0423 4184 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:29:00.0423 4184 bowser - ok
15:29:00.0438 4184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:29:00.0438 4184 BrFiltLo - ok
15:29:00.0469 4184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:29:00.0469 4184 BrFiltUp - ok
15:29:00.0516 4184 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
15:29:00.0532 4184 Browser - ok
15:29:00.0579 4184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:29:00.0579 4184 Brserid - ok
15:29:00.0610 4184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:29:00.0610 4184 BrSerWdm - ok
15:29:00.0625 4184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:29:00.0625 4184 BrUsbMdm - ok
15:29:00.0641 4184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:29:00.0641 4184 BrUsbSer - ok
15:29:00.0688 4184 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:29:00.0688 4184 BthEnum - ok
15:29:00.0719 4184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:29:00.0735 4184 BTHMODEM - ok
15:29:00.0766 4184 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:29:00.0766 4184 BthPan - ok
15:29:00.0813 4184 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:29:00.0828 4184 BTHPORT - ok
15:29:00.0859 4184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:29:00.0859 4184 bthserv - ok
15:29:00.0891 4184 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:29:00.0891 4184 BTHUSB - ok
15:29:00.0906 4184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:29:00.0922 4184 cdfs - ok
15:29:00.0984 4184 [ 9EDD76D0800A022AE10B9243D0224E72 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys
15:29:01.0000 4184 cdrbsdrv - ok
15:29:01.0031 4184 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:29:01.0047 4184 cdrom - ok
15:29:01.0078 4184 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
15:29:01.0078 4184 CertPropSvc - ok
15:29:01.0109 4184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:29:01.0109 4184 circlass - ok
15:29:01.0140 4184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:29:01.0156 4184 CLFS - ok
15:29:01.0234 4184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:01.0234 4184 clr_optimization_v2.0.50727_32 - ok
15:29:01.0281 4184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:29:01.0281 4184 clr_optimization_v2.0.50727_64 - ok
15:29:01.0374 4184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:29:01.0390 4184 clr_optimization_v4.0.30319_32 - ok
15:29:01.0437 4184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:29:01.0437 4184 clr_optimization_v4.0.30319_64 - ok
15:29:01.0468 4184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:29:01.0483 4184 CmBatt - ok
15:29:01.0515 4184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
15:29:01.0515 4184 cmdide - ok
15:29:01.0561 4184 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
15:29:01.0577 4184 CNG - ok
15:29:01.0608 4184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:29:01.0608 4184 Compbatt - ok
15:29:01.0655 4184 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:29:01.0655 4184 CompositeBus - ok
15:29:01.0671 4184 COMSysApp - ok
15:29:01.0702 4184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:29:01.0702 4184 crcdisk - ok
15:29:01.0733 4184 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:29:01.0733 4184 CryptSvc - ok
15:29:01.0780 4184 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:29:01.0795 4184 DcomLaunch - ok
15:29:01.0827 4184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:29:01.0842 4184 defragsvc - ok
15:29:01.0858 4184 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:29:01.0858 4184 DfsC - ok
15:29:01.0920 4184 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
15:29:01.0920 4184 Dhcp - ok
15:29:01.0967 4184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:29:01.0967 4184 discache - ok
15:29:01.0998 4184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:29:01.0998 4184 Disk - ok
15:29:02.0014 4184 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:29:02.0014 4184 Dnscache - ok
15:29:02.0045 4184 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
15:29:02.0045 4184 dot3svc - ok
15:29:02.0076 4184 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
15:29:02.0076 4184 DPS - ok
15:29:02.0107 4184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:29:02.0107 4184 drmkaud - ok
15:29:02.0170 4184 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:29:02.0185 4184 DXGKrnl - ok
15:29:02.0217 4184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:29:02.0217 4184 EapHost - ok
15:29:02.0341 4184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:29:02.0373 4184 ebdrv - ok
15:29:02.0435 4184 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
15:29:02.0435 4184 EFS - ok
15:29:02.0513 4184 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:29:02.0529 4184 ehRecvr - ok
15:29:02.0560 4184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:29:02.0560 4184 ehSched - ok
15:29:02.0607 4184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:29:02.0622 4184 elxstor - ok
15:29:02.0653 4184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
15:29:02.0653 4184 ErrDev - ok
15:29:02.0700 4184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:29:02.0716 4184 EventSystem - ok
15:29:02.0747 4184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:29:02.0763 4184 exfat - ok
15:29:02.0841 4184 Fabs - ok
15:29:02.0872 4184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:29:02.0887 4184 fastfat - ok
15:29:02.0934 4184 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
15:29:02.0950 4184 Fax - ok
15:29:02.0965 4184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:29:02.0965 4184 fdc - ok
15:29:03.0012 4184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:29:03.0012 4184 fdPHost - ok
15:29:03.0028 4184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:29:03.0028 4184 FDResPub - ok
15:29:03.0059 4184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:29:03.0059 4184 FileInfo - ok
15:29:03.0075 4184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:29:03.0075 4184 Filetrace - ok
15:29:03.0199 4184 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:29:03.0246 4184 FirebirdServerMAGIXInstance - ok
15:29:03.0262 4184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:29:03.0262 4184 flpydisk - ok
15:29:03.0293 4184 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:29:03.0309 4184 FltMgr - ok
15:29:03.0355 4184 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
15:29:03.0371 4184 FontCache - ok
15:29:03.0402 4184 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:29:03.0418 4184 FontCache3.0.0.0 - ok
15:29:03.0433 4184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:29:03.0433 4184 FsDepends - ok
15:29:03.0465 4184 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
15:29:03.0465 4184 fssfltr - ok
15:29:03.0496 4184 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:29:03.0511 4184 fsssvc - ok
15:29:03.0543 4184 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:29:03.0543 4184 Fs_Rec - ok
15:29:03.0574 4184 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:29:03.0589 4184 fvevol - ok
15:29:03.0605 4184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:29:03.0605 4184 gagp30kx - ok
15:29:03.0636 4184 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:29:03.0636 4184 GEARAspiWDM - ok
15:29:03.0745 4184 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
15:29:03.0745 4184 getPlusHelper - ok
15:29:03.0792 4184 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
15:29:03.0808 4184 gpsvc - ok
15:29:03.0823 4184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:29:03.0823 4184 hcw85cir - ok
15:29:03.0855 4184 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:29:03.0870 4184 HdAudAddService - ok
15:29:03.0886 4184 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:29:03.0886 4184 HDAudBus - ok
15:29:03.0917 4184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:29:03.0917 4184 HidBatt - ok
15:29:03.0948 4184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:29:03.0948 4184 HidBth - ok
15:29:03.0964 4184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:29:03.0964 4184 HidIr - ok
15:29:03.0995 4184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:29:03.0995 4184 hidserv - ok
15:29:04.0026 4184 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:29:04.0026 4184 HidUsb - ok
15:29:04.0057 4184 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:29:04.0057 4184 hkmsvc - ok
15:29:04.0089 4184 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:29:04.0089 4184 HomeGroupListener - ok
15:29:04.0120 4184 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:29:04.0120 4184 HomeGroupProvider - ok
15:29:04.0151 4184 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
15:29:04.0151 4184 HpSAMD - ok
15:29:04.0182 4184 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:29:04.0198 4184 HTTP - ok
15:29:04.0213 4184 hwdatacard - ok
15:29:04.0229 4184 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:29:04.0229 4184 hwpolicy - ok
15:29:04.0260 4184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:29:04.0260 4184 i8042prt - ok
15:29:04.0291 4184 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:29:04.0307 4184 iaStor - ok
15:29:04.0354 4184 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:29:04.0369 4184 iaStorV - ok
15:29:04.0463 4184 [ 22573D87B7D4F524E9097D43F6C08426 ] iComp C:\Windows\system32\DRIVERS\p2usbhum.sys
15:29:04.0494 4184 iComp - ok
15:29:04.0572 4184 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:29:04.0588 4184 IDriverT - ok
15:29:04.0650 4184 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:29:04.0666 4184 idsvc - ok
15:29:04.0822 4184 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:29:04.0947 4184 igfx - ok
15:29:04.0962 4184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:29:04.0978 4184 iirsp - ok
15:29:05.0009 4184 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
15:29:05.0025 4184 IKEEXT - ok
15:29:05.0087 4184 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
15:29:05.0087 4184 Impcd - ok
15:29:05.0181 4184 [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:29:05.0227 4184 IntcAzAudAddService - ok
15:29:05.0243 4184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
15:29:05.0243 4184 intelide - ok
15:29:05.0290 4184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:29:05.0290 4184 intelppm - ok
15:29:05.0321 4184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:29:05.0321 4184 IPBusEnum - ok
15:29:05.0368 4184 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:29:05.0383 4184 IpFilterDriver - ok
15:29:05.0430 4184 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:29:05.0446 4184 iphlpsvc - ok
15:29:05.0446 4184 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:29:05.0461 4184 IPMIDRV - ok
15:29:05.0493 4184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:29:05.0493 4184 IPNAT - ok
15:29:05.0571 4184 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:29:05.0586 4184 iPod Service - ok
15:29:05.0617 4184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:29:05.0617 4184 IRENUM - ok
15:29:05.0633 4184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
15:29:05.0633 4184 isapnp - ok
15:29:05.0664 4184 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:29:05.0664 4184 iScsiPrt - ok
15:29:05.0742 4184 [ BA8C6135E6E632139DAC5B34861FCB03 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
15:29:05.0742 4184 ISWKL - ok
15:29:05.0805 4184 [ EEF0D7308C247294389B566A7830B211 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
15:29:05.0820 4184 IswSvc - ok
15:29:05.0836 4184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:29:05.0836 4184 kbdclass - ok
15:29:05.0883 4184 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:29:05.0883 4184 kbdhid - ok
15:29:05.0898 4184 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
15:29:05.0898 4184 KeyIso - ok
15:29:05.0929 4184 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:29:05.0929 4184 KSecDD - ok
15:29:05.0961 4184 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:29:05.0961 4184 KSecPkg - ok
15:29:05.0992 4184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:29:05.0992 4184 ksthunk - ok
15:29:06.0023 4184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:29:06.0039 4184 KtmRm - ok
15:29:06.0070 4184 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:29:06.0085 4184 LanmanServer - ok
15:29:06.0117 4184 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:29:06.0117 4184 LanmanWorkstation - ok
15:29:06.0210 4184 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:29:06.0226 4184 LBTServ - ok
15:29:06.0257 4184 [ 00BA093A3F316D43A4C3E098A96AE912 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
15:29:06.0257 4184 LEqdUsb - ok
15:29:06.0304 4184 [ 3067CFAD2BAA4A208130CD0AFB130BC9 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
15:29:06.0304 4184 LHidEqd - ok
15:29:06.0335 4184 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:29:06.0335 4184 LHidFilt - ok
15:29:06.0382 4184 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
15:29:06.0382 4184 lirsgt - ok
15:29:06.0413 4184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:29:06.0413 4184 lltdio - ok
15:29:06.0460 4184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:29:06.0460 4184 lltdsvc - ok
15:29:06.0491 4184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:29:06.0491 4184 lmhosts - ok
15:29:06.0522 4184 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:29:06.0538 4184 LMouFilt - ok
15:29:06.0569 4184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:29:06.0569 4184 LSI_FC - ok
15:29:06.0585 4184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:29:06.0585 4184 LSI_SAS - ok
15:29:06.0600 4184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:29:06.0600 4184 LSI_SAS2 - ok
15:29:06.0616 4184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:29:06.0631 4184 LSI_SCSI - ok
15:29:06.0647 4184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:29:06.0647 4184 luafv - ok
15:29:06.0678 4184 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:29:06.0678 4184 Mcx2Svc - ok
15:29:06.0694 4184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:29:06.0709 4184 megasas - ok
15:29:06.0725 4184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:29:06.0725 4184 MegaSR - ok
15:29:06.0772 4184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:29:06.0772 4184 MMCSS - ok
15:29:06.0772 4184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:29:06.0772 4184 Modem - ok
15:29:06.0803 4184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:29:06.0819 4184 monitor - ok
15:29:06.0865 4184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:29:06.0865 4184 mouclass - ok
15:29:06.0912 4184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:29:06.0912 4184 mouhid - ok
15:29:06.0943 4184 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:29:06.0943 4184 mountmgr - ok
15:29:07.0021 4184 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:29:07.0021 4184 MozillaMaintenance - ok
15:29:07.0053 4184 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
15:29:07.0053 4184 mpio - ok
15:29:07.0084 4184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:29:07.0084 4184 mpsdrv - ok
15:29:07.0131 4184 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:29:07.0146 4184 MpsSvc - ok
15:29:07.0177 4184 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:29:07.0177 4184 MRxDAV - ok
15:29:07.0209 4184 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:29:07.0209 4184 mrxsmb - ok
15:29:07.0240 4184 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:29:07.0240 4184 mrxsmb10 - ok
15:29:07.0255 4184 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:29:07.0255 4184 mrxsmb20 - ok
15:29:07.0287 4184 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
15:29:07.0287 4184 msahci - ok
15:29:07.0302 4184 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
15:29:07.0302 4184 msdsm - ok
15:29:07.0318 4184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:29:07.0333 4184 MSDTC - ok
15:29:07.0349 4184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:29:07.0365 4184 Msfs - ok
15:29:07.0380 4184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:29:07.0380 4184 mshidkmdf - ok
15:29:07.0396 4184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
15:29:07.0396 4184 msisadrv - ok
15:29:07.0443 4184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:29:07.0443 4184 MSiSCSI - ok
15:29:07.0458 4184 msiserver - ok
15:29:07.0474 4184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:29:07.0489 4184 MSKSSRV - ok
15:29:07.0489 4184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:29:07.0489 4184 MSPCLOCK - ok
15:29:07.0505 4184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:29:07.0521 4184 MSPQM - ok
15:29:07.0552 4184 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:29:07.0552 4184 MsRPC - ok
15:29:07.0567 4184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:29:07.0567 4184 mssmbios - ok
15:29:07.0583 4184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:29:07.0583 4184 MSTEE - ok
15:29:07.0599 4184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:29:07.0599 4184 MTConfig - ok
15:29:07.0630 4184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:29:07.0630 4184 Mup - ok
15:29:07.0661 4184 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
15:29:07.0677 4184 napagent - ok
15:29:07.0723 4184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:29:07.0739 4184 NativeWifiP - ok
15:29:07.0801 4184 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:29:07.0817 4184 NDIS - ok
15:29:07.0848 4184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:29:07.0848 4184 NdisCap - ok
15:29:07.0848 4184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:29:07.0864 4184 NdisTapi - ok
15:29:07.0879 4184 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:29:07.0895 4184 Ndisuio - ok
15:29:07.0911 4184 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:29:07.0911 4184 NdisWan - ok
15:29:07.0942 4184 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:29:07.0942 4184 NDProxy - ok
15:29:07.0973 4184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:29:07.0973 4184 NetBIOS - ok
15:29:08.0020 4184 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:29:08.0020 4184 NetBT - ok
15:29:08.0035 4184 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
15:29:08.0051 4184 Netlogon - ok
15:29:08.0098 4184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:29:08.0113 4184 Netman - ok
15:29:08.0160 4184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0160 4184 NetMsmqActivator - ok
15:29:08.0176 4184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0176 4184 NetPipeActivator - ok
15:29:08.0207 4184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:29:08.0223 4184 netprofm - ok
15:29:08.0223 4184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0223 4184 NetTcpActivator - ok
15:29:08.0238 4184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0238 4184 NetTcpPortSharing - ok
15:29:08.0254 4184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:29:08.0254 4184 nfrd960 - ok
15:29:08.0301 4184 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:29:08.0301 4184 NlaSvc - ok
15:29:08.0347 4184 [ 4903177FC90E77ABEB19021451E9475E ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
15:29:08.0347 4184 nmwcd - ok
15:29:08.0379 4184 [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
15:29:08.0379 4184 nmwcdc - ok
15:29:08.0410 4184 [ A0E7F80157AF77B1CEAA8ADD3A3E7D85 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
15:29:08.0425 4184 nmwcdnsux64 - ok
15:29:08.0441 4184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:29:08.0441 4184 Npfs - ok
15:29:08.0472 4184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:29:08.0488 4184 nsi - ok
15:29:08.0503 4184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:29:08.0503 4184 nsiproxy - ok
15:29:08.0581 4184 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:29:08.0597 4184 Ntfs - ok
15:29:08.0628 4184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:29:08.0628 4184 Null - ok
15:29:08.0675 4184 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:29:08.0675 4184 NVHDA - ok
15:29:08.0925 4184 [ 20B30D2EA755699E7420C3F7D10D479A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:29:09.0143 4184 nvlddmkm - ok
15:29:09.0174 4184 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:29:09.0174 4184 nvraid - ok
15:29:09.0205 4184 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:29:09.0205 4184 nvstor - ok
15:29:09.0252 4184 [ 72637C67DE5482B51964508666C764FF ] nvsvc C:\Windows\system32\nvvsvc.exe
15:29:09.0268 4184 nvsvc - ok
15:29:09.0299 4184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
15:29:09.0315 4184 nv_agp - ok
15:29:09.0393 4184 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:29:09.0408 4184 odserv - ok
15:29:09.0424 4184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:29:09.0439 4184 ohci1394 - ok
15:29:09.0486 4184 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:29:09.0486 4184 ose - ok
15:29:09.0517 4184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:29:09.0533 4184 p2pimsvc - ok
15:29:09.0549 4184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:29:09.0564 4184 p2psvc - ok
15:29:09.0595 4184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:29:09.0595 4184 Parport - ok
15:29:09.0627 4184 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:29:09.0642 4184 partmgr - ok
15:29:09.0658 4184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:29:09.0658 4184 PcaSvc - ok
15:29:09.0720 4184 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:29:09.0736 4184 pccsmcfd - ok
15:29:09.0767 4184 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
15:29:09.0767 4184 pci - ok
15:29:09.0783 4184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
15:29:09.0798 4184 pciide - ok
15:29:09.0829 4184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:29:09.0829 4184 pcmcia - ok
15:29:09.0923 4184 [ B760F68C55B75106372DCA8C141A3510 ] PCPrintLogger C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
15:29:09.0923 4184 PCPrintLogger - ok
15:29:09.0939 4184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:29:09.0939 4184 pcw - ok
15:29:09.0970 4184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:29:09.0985 4184 PEAUTH - ok
15:29:10.0079 4184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:29:10.0079 4184 PerfHost - ok
15:29:10.0141 4184 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
15:29:10.0157 4184 pla - ok
15:29:10.0204 4184 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:29:10.0219 4184 PlugPlay - ok
15:29:10.0251 4184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:29:10.0251 4184 PNRPAutoReg - ok
15:29:10.0282 4184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:29:10.0282 4184 PNRPsvc - ok
15:29:10.0313 4184 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:29:10.0329 4184 PolicyAgent - ok
15:29:10.0360 4184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:29:10.0360 4184 Power - ok
15:29:10.0391 4184 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:29:10.0391 4184 PptpMiniport - ok
15:29:10.0438 4184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:29:10.0438 4184 Processor - ok
15:29:10.0485 4184 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
15:29:10.0485 4184 ProfSvc - ok
15:29:10.0516 4184 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:29:10.0516 4184 ProtectedStorage - ok
15:29:10.0563 4184 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:29:10.0563 4184 Psched - ok
15:29:10.0609 4184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:29:10.0641 4184 ql2300 - ok
15:29:10.0672 4184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:29:10.0672 4184 ql40xx - ok
15:29:10.0781 4184 [ 8422999865E74FAF9C51B684DA405F6A ] QuickPDFTCPService0721 C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe
15:29:10.0812 4184 QuickPDFTCPService0721 - ok
15:29:10.0828 4184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:29:10.0828 4184 QWAVE - ok
15:29:10.0859 4184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:29:10.0859 4184 QWAVEdrv - ok
15:29:10.0875 4184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:29:10.0875 4184 RasAcd - ok
15:29:10.0906 4184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:29:10.0906 4184 RasAgileVpn - ok
15:29:10.0921 4184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:29:10.0937 4184 RasAuto - ok
15:29:10.0953 4184 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:29:10.0953 4184 Rasl2tp - ok
15:29:10.0984 4184 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
15:29:10.0999 4184 RasMan - ok
15:29:11.0046 4184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:29:11.0046 4184 RasPppoe - ok
15:29:11.0046 4184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:29:11.0062 4184 RasSstp - ok
15:29:11.0077 4184 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:29:11.0077 4184 rdbss - ok
15:29:11.0109 4184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:29:11.0109 4184 rdpbus - ok
15:29:11.0124 4184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:11.0124 4184 RDPCDD - ok
15:29:11.0155 4184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:29:11.0155 4184 RDPENCDD - ok
15:29:11.0171 4184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:29:11.0187 4184 RDPREFMP - ok
15:29:11.0202 4184 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:29:11.0218 4184 RDPWD - ok
15:29:11.0265 4184 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:29:11.0265 4184 rdyboost - ok
15:29:11.0296 4184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:29:11.0311 4184 RemoteAccess - ok
15:29:11.0343 4184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:29:11.0343 4184 RemoteRegistry - ok
15:29:11.0389 4184 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SysWOW64\Rezip.exe
15:29:11.0436 4184 Rezip - ok
15:29:11.0483 4184 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:29:11.0483 4184 RFCOMM - ok
15:29:11.0577 4184 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:29:11.0592 4184 RichVideo - ok
15:29:11.0608 4184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:29:11.0608 4184 RpcEptMapper - ok
15:29:11.0623 4184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:29:11.0623 4184 RpcLocator - ok
15:29:11.0670 4184 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
15:29:11.0670 4184 RpcSs - ok
15:29:11.0701 4184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:29:11.0701 4184 rspndr - ok
15:29:11.0717 4184 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:29:11.0733 4184 RTL8167 - ok
15:29:11.0764 4184 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
15:29:11.0764 4184 SABI - ok
15:29:11.0779 4184 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
15:29:11.0779 4184 SamSs - ok
15:29:11.0795 4184 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
15:29:11.0795 4184 sbp2port - ok
15:29:11.0826 4184 SBRE - ok
15:29:11.0873 4184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:29:11.0873 4184 SCardSvr - ok
15:29:11.0904 4184 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:29:11.0904 4184 scfilter - ok
15:29:11.0951 4184 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
15:29:11.0982 4184 Schedule - ok
15:29:12.0013 4184 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:29:12.0013 4184 SCPolicySvc - ok
15:29:12.0029 4184 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:29:12.0045 4184 SDRSVC - ok
15:29:12.0076 4184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:29:12.0076 4184 secdrv - ok
15:29:12.0091 4184 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
15:29:12.0107 4184 seclogon - ok
15:29:12.0123 4184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:29:12.0138 4184 SENS - ok
15:29:12.0154 4184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:29:12.0154 4184 SensrSvc - ok
15:29:12.0185 4184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:29:12.0185 4184 Serenum - ok
15:29:12.0216 4184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:29:12.0216 4184 Serial - ok
15:29:12.0247 4184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:29:12.0247 4184 sermouse - ok
15:29:12.0341 4184 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:29:12.0357 4184 ServiceLayer - ok
15:29:12.0403 4184 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
15:29:12.0403 4184 SessionEnv - ok
15:29:12.0403 4184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:29:12.0403 4184 sffdisk - ok
15:29:12.0419 4184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:29:12.0419 4184 sffp_mmc - ok
15:29:12.0435 4184 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:29:12.0435 4184 sffp_sd - ok
15:29:12.0466 4184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:29:12.0466 4184 sfloppy - ok
15:29:12.0497 4184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:29:12.0497 4184 SharedAccess - ok
15:29:12.0513 4184 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:29:12.0528 4184 ShellHWDetection - ok
15:29:12.0544 4184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:29:12.0544 4184 SiSRaid2 - ok
15:29:12.0559 4184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:29:12.0559 4184 SiSRaid4 - ok
15:29:12.0606 4184 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:29:12.0606 4184 SkypeUpdate - ok
15:29:12.0653 4184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:29:12.0653 4184 Smb - ok
15:29:12.0715 4184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:29:12.0731 4184 SNMPTRAP - ok
15:29:12.0747 4184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:29:12.0747 4184 spldr - ok
15:29:12.0809 4184 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
15:29:12.0809 4184 Spooler - ok
15:29:12.0934 4184 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
15:29:12.0965 4184 sppsvc - ok
15:29:12.0996 4184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:29:12.0996 4184 sppuinotify - ok
15:29:13.0027 4184 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:29:13.0043 4184 srv - ok
15:29:13.0074 4184 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:29:13.0074 4184 srv2 - ok
15:29:13.0105 4184 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:29:13.0105 4184 srvnet - ok
15:29:13.0121 4184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:29:13.0137 4184 SSDPSRV - ok
15:29:13.0152 4184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:29:13.0152 4184 SstpSvc - ok
15:29:13.0168 4184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:29:13.0168 4184 stexstor - ok
15:29:13.0215 4184 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
15:29:13.0230 4184 stisvc - ok
15:29:13.0261 4184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:29:13.0261 4184 swenum - ok
15:29:13.0293 4184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:29:13.0308 4184 swprv - ok
15:29:13.0355 4184 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:29:13.0355 4184 SynTP - ok
15:29:13.0433 4184 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
15:29:13.0449 4184 SysMain - ok
15:29:13.0464 4184 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:13.0464 4184 TabletInputService - ok
15:29:13.0495 4184 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
15:29:13.0495 4184 TapiSrv - ok
15:29:13.0527 4184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:29:13.0527 4184 TBS - ok
15:29:13.0605 4184 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:29:13.0636 4184 Tcpip - ok
15:29:13.0667 4184 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:29:13.0683 4184 TCPIP6 - ok
15:29:13.0714 4184 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:29:13.0714 4184 tcpipreg - ok
15:29:13.0745 4184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:29:13.0745 4184 TDPIPE - ok
15:29:13.0776 4184 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:29:13.0792 4184 TDTCP - ok
15:29:13.0823 4184 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:29:13.0823 4184 tdx - ok
15:29:13.0839 4184 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:29:13.0839 4184 TermDD - ok
15:29:13.0885 4184 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
15:29:13.0901 4184 TermService - ok
15:29:13.0932 4184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:29:13.0932 4184 Themes - ok
15:29:13.0963 4184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:29:13.0963 4184 THREADORDER - ok
15:29:13.0979 4184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:29:13.0995 4184 TrkWks - ok
15:29:14.0041 4184 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:14.0057 4184 TrustedInstaller - ok
15:29:14.0088 4184 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:14.0104 4184 tssecsrv - ok
15:29:14.0135 4184 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:29:14.0135 4184 tunnel - ok
15:29:14.0166 4184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:29:14.0182 4184 uagp35 - ok
15:29:14.0197 4184 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:29:14.0197 4184 udfs - ok
15:29:14.0244 4184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:29:14.0244 4184 UI0Detect - ok
15:29:14.0291 4184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
15:29:14.0291 4184 uliagpkx - ok
15:29:14.0322 4184 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:29:14.0322 4184 umbus - ok
15:29:14.0353 4184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:29:14.0353 4184 UmPass - ok
15:29:14.0385 4184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:29:14.0385 4184 upnphost - ok
15:29:14.0416 4184 [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:29:14.0431 4184 upperdev - ok
15:29:14.0463 4184 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:29:14.0463 4184 USBAAPL64 - ok
15:29:14.0509 4184 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:14.0509 4184 usbccgp - ok
15:29:14.0541 4184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
15:29:14.0541 4184 usbcir - ok
15:29:14.0556 4184 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:29:14.0572 4184 usbehci - ok
15:29:14.0603 4184 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:29:14.0619 4184 usbhub - ok
15:29:14.0634 4184 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:29:14.0634 4184 usbohci - ok
15:29:14.0681 4184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:29:14.0681 4184 usbprint - ok
15:29:14.0728 4184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:29:14.0728 4184 usbscan - ok
15:29:14.0775 4184 [ 0F0C72A657C622286013788B886968AD ] usbser C:\Windows\system32\drivers\usbser.sys
15:29:14.0775 4184 usbser - ok
15:29:14.0821 4184 [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:29:14.0821 4184 UsbserFilt - ok
15:29:14.0853 4184 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:14.0853 4184 USBSTOR - ok
15:29:14.0884 4184 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:29:14.0884 4184 usbuhci - ok
15:29:14.0931 4184 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:29:14.0931 4184 usbvideo - ok
15:29:14.0946 4184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:29:14.0962 4184 UxSms - ok
15:29:14.0977 4184 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
15:29:14.0977 4184 VaultSvc - ok
15:29:15.0009 4184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
15:29:15.0009 4184 vdrvroot - ok
15:29:15.0040 4184 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
15:29:15.0055 4184 vds - ok
15:29:15.0071 4184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:15.0087 4184 vga - ok
15:29:15.0102 4184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:29:15.0102 4184 VgaSave - ok
15:29:15.0118 4184 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
15:29:15.0118 4184 vhdmp - ok
15:29:15.0149 4184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
15:29:15.0149 4184 viaide - ok
15:29:15.0180 4184 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
15:29:15.0180 4184 volmgr - ok
15:29:15.0211 4184 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:29:15.0211 4184 volmgrx - ok
15:29:15.0227 4184 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
15:29:15.0243 4184 volsnap - ok
15:29:15.0289 4184 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
15:29:15.0305 4184 Vsdatant - ok
15:29:15.0367 4184 vsmon - ok
15:29:15.0399 4184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:29:15.0399 4184 vsmraid - ok
15:29:15.0477 4184 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
15:29:15.0492 4184 VSS - ok
15:29:15.0508 4184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:29:15.0508 4184 vwifibus - ok
15:29:15.0523 4184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:29:15.0539 4184 vwififlt - ok
15:29:15.0570 4184 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:29:15.0570 4184 vwifimp - ok
15:29:15.0617 4184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:29:15.0633 4184 W32Time - ok
15:29:15.0664 4184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:29:15.0664 4184 WacomPen - ok
15:29:15.0711 4184 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:29:15.0711 4184 WANARP - ok
15:29:15.0711 4184 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:29:15.0726 4184 Wanarpv6 - ok
15:29:15.0804 4184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:29:15.0820 4184 WatAdminSvc - ok
15:29:15.0898 4184 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
15:29:15.0913 4184 wbengine - ok
15:29:15.0945 4184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:29:15.0945 4184 WbioSrvc - ok
15:29:15.0976 4184 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:29:15.0991 4184 wcncsvc - ok
15:29:16.0007 4184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:16.0007 4184 WcsPlugInService - ok
15:29:16.0038 4184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:29:16.0038 4184 Wd - ok
15:29:16.0085 4184 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:29:16.0085 4184 Wdf01000 - ok
15:29:16.0101 4184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:29:16.0101 4184 WdiServiceHost - ok
15:29:16.0101 4184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:29:16.0116 4184 WdiSystemHost - ok
15:29:16.0132 4184 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
15:29:16.0132 4184 WebClient - ok
15:29:16.0147 4184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:29:16.0147 4184 Wecsvc - ok
15:29:16.0194 4184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:29:16.0194 4184 wercplsupport - ok
15:29:16.0225 4184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:29:16.0241 4184 WerSvc - ok
15:29:16.0257 4184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:16.0257 4184 WfpLwf - ok
15:29:16.0272 4184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:29:16.0272 4184 WIMMount - ok
15:29:16.0303 4184 WinDefend - ok
15:29:16.0303 4184 WinHttpAutoProxySvc - ok
15:29:16.0366 4184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:29:16.0381 4184 Winmgmt - ok
15:29:16.0459 4184 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
15:29:16.0491 4184 WinRM - ok
15:29:16.0506 4184 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:29:16.0522 4184 WinUsb - ok
15:29:16.0553 4184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:29:16.0569 4184 Wlansvc - ok
15:29:16.0600 4184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:29:16.0600 4184 WmiAcpi - ok
15:29:16.0631 4184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:29:16.0647 4184 wmiApSrv - ok
15:29:16.0678 4184 WMPNetworkSvc - ok
15:29:16.0709 4184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:29:16.0709 4184 WPCSvc - ok
15:29:16.0756 4184 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:29:16.0756 4184 WPDBusEnum - ok
15:29:16.0771 4184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:29:16.0787 4184 ws2ifsl - ok
15:29:16.0818 4184 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
15:29:16.0818 4184 wscsvc - ok
15:29:16.0818 4184 WSearch - ok
15:29:16.0912 4184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:29:16.0943 4184 wuauserv - ok
15:29:16.0959 4184 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:29:16.0959 4184 WudfPf - ok
15:29:17.0005 4184 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:17.0005 4184 WUDFRd - ok
15:29:17.0037 4184 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:29:17.0052 4184 wudfsvc - ok
15:29:17.0083 4184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:29:17.0099 4184 WwanSvc - ok
15:29:17.0146 4184 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:29:17.0146 4184 yukonw7 - ok
15:29:17.0177 4184 ================ Scan global ===============================
15:29:17.0208 4184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:29:17.0239 4184 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
15:29:17.0255 4184 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
15:29:17.0286 4184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:29:17.0317 4184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:29:17.0333 4184 [Global] - ok
15:29:17.0333 4184 ================ Scan MBR ==================================
15:29:17.0333 4184 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
15:29:17.0723 4184 \Device\Harddisk0\DR0 - ok
15:29:18.0222 4184 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
15:29:18.0238 4184 \Device\Harddisk1\DR1 - ok
15:29:18.0238 4184 ================ Scan VBR ==================================
15:29:18.0238 4184 [ B1E885D209E9A70792A97237D500216C ] \Device\Harddisk0\DR0\Partition1
15:29:18.0238 4184 \Device\Harddisk0\DR0\Partition1 - ok
15:29:18.0269 4184 [ E303A152C36609040DB4EC2867FCC51F ] \Device\Harddisk0\DR0\Partition2
15:29:18.0269 4184 \Device\Harddisk0\DR0\Partition2 - ok
15:29:18.0285 4184 [ BD458F90EAD9440BA08D40C7D2730B18 ] \Device\Harddisk0\DR0\Partition3
15:29:18.0300 4184 \Device\Harddisk0\DR0\Partition3 - ok
15:29:18.0300 4184 [ E1FED948054EFF06949C1C40487FA33D ] \Device\Harddisk1\DR1\Partition1
15:29:18.0316 4184 \Device\Harddisk1\DR1\Partition1 - ok
15:29:18.0316 4184 ============================================================
15:29:18.0316 4184 Scan finished
15:29:18.0316 4184 ============================================================
15:29:18.0331 2636 Detected object count: 0
15:29:18.0331 2636 Actual detected object count: 0
15:32:00.0760 3196 Deinitialize success
|
|
03.11.2012, 22:04
| #12 |
| /// Helfer-Team | Links (nicht nur aus Google) oft umgeleitet 1. Vor dem nächsten Schritt, also bevor wir weitermachen: Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw) ►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks Mache das jetzt bitte! 2. Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment). Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint. Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread. Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop. Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen. Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
10.11.2012, 16:23
| #13 |
| | Links (nicht nur aus Google) oft umgeleitet Hallo kira, ich habe dieses Wochenende Zeit, meine Backups zu überprüfen und den nächsten Schritt durchzuführen. Dazu eine kurze Frage: Ich habe auf Laufwerk C: nur das Betriebssystem und installierte Software, auf D: nur Dateien, Musik, Bilder sowie einen Ordner mit heruntergeladener Software, die ich aber nie dort installiere. C und D sind Partitionen derselben Festplatte im Laptop. Die externe USB-Festplatte F: dient als Backup für D:. Ich kann sie für die nachfolgenden Tests abtrennen. Ist es OK, nur Daten auf C: sichern, z.B. Mailordner, Profile, Spielstände u.ä.? Oder besteht bei der Nutzung von Combofix auch eine Gefahr für D: ? |
|
11.11.2012, 08:55
| #14 |
| /// Helfer-Team | Links (nicht nur aus Google) oft umgeleitet alle Wichtige Daten sichern! unabhängig davon, ob auf C oder D liegen
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
16.11.2012, 00:04
| #15 |
| | Links (nicht nur aus Google) oft umgeleitet Hier nun endlich die beiden ComboFix-Logs: log.txt: Combofix Logfile: Code:
ATTFilter ComboFix 12-11-15.01 - Rahn 15.11.2012 23:23:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3950.2372 [GMT 1:00]
ausgeführt von:: c:\users\Rahn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-15 bis 2012-11-15 ))))))))))))))))))))))))))))))
.
.
2012-11-15 22:34 . 2012-11-15 22:34 -------- d-----w- c:\users\Kids\AppData\Local\temp
2012-11-15 22:34 . 2012-11-15 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 15:28 . 2012-11-11 15:47 -------- d-----w- c:\users\Rahn\AppData\Roaming\GameSave Manager 3
2012-11-04 15:30 . 2012-11-04 15:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 15:29 . 2012-11-04 15:29 -------- d-----w- c:\users\Kids\AppData\Roaming\Logishrd
2012-11-04 15:28 . 2012-11-04 15:28 -------- d-----w- c:\users\Kids\AppData\Local\Apple Computer
2012-11-04 15:28 . 2012-11-04 15:28 -------- d-----w- c:\users\Kids\AppData\Roaming\AVG2013
2012-11-04 15:28 . 2012-11-04 15:28 -------- d-----w- c:\users\Kids\AppData\Local\Avg2013
2012-11-04 12:48 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-04 12:47 . 2012-11-04 12:48 -------- d-----w- c:\program files\iTunes
2012-11-04 12:47 . 2012-11-04 12:48 -------- d-----w- c:\program files (x86)\iTunes
2012-11-04 12:47 . 2012-11-04 12:47 -------- d-----w- c:\program files\iPod
2012-10-29 18:59 . 2012-10-29 18:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-10-28 11:46 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-28 11:10 . 2012-10-28 11:10 -------- d-----w- C:\_OTL
2012-10-27 09:32 . 2012-10-27 09:32 -------- d-----w- c:\program files\CCleaner
2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-19 19:23 . 2012-10-19 19:23 -------- d-----w- c:\users\Rahn\AppData\Local\Nokia
2012-10-19 19:23 . 2012-10-19 19:25 -------- d-----w- c:\users\Rahn\AppData\Roaming\PC Suite
2012-10-19 19:23 . 2012-10-19 19:24 -------- d-----w- c:\programdata\PC Suite
2012-10-19 19:22 . 2012-10-25 18:48 -------- d-----w- c:\programdata\Nokia
2012-10-19 19:22 . 2012-10-19 19:22 -------- d-----w- c:\program files\DIFX
2012-10-19 19:22 . 2012-06-27 13:18 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-10-19 19:21 . 2012-10-19 19:21 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-10-19 19:19 . 2012-10-25 18:48 -------- d-----w- c:\program files (x86)\Nokia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 21:16 . 2012-10-16 21:16 330240 ----a-w- c:\windows\PICSUninstall.exe
2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-10 21:43 . 2010-02-16 20:12 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 15:46 . 2012-04-02 18:44 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 15:46 . 2011-05-31 19:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 17:54 . 2011-10-03 10:19 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 01:46 . 2012-09-21 01:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 01:46 . 2012-09-21 01:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-20 15:02 . 2012-09-20 15:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL
2012-09-14 19:23 . 2012-10-10 20:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 20:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 01:05 . 2012-09-14 01:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-31 20:03 . 2012-04-30 16:24 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 20:03 . 2010-07-23 06:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 18:11 . 2012-10-10 20:30 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 20:30 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 20:30 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 20:30 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 17:10 . 2012-10-10 20:30 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 13:19 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 13:19 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 13:20 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 13:20 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 13:20 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 13:20 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 13:20 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 13:19 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 13:20 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 13:19 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 13:19 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 13:19 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 13:20 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 13:20 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 13:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 13:20 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 13:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 13:20 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 13:20 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 13:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 13:20 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 13:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-21 12:01 . 2011-12-25 12:00 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2011-12-25 12:00 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-18 11:19 . 2012-10-28 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANQAxADkAOQAyADQANAAzADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA&prod=90&ver=9.0.872" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-9-19 349600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, IqlurcIjlocn.dll
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 iComp;TerraTec G5 service;c:\windows\system32\DRIVERS\p2usbhum.sys [2009-12-09 1794112]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
R3 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
S2 PCPrintLogger;PaperCut Print Logger;c:\program files (x86)\PaperCut Print Logger\pcpl.exe PCPrintLogger [x]
S2 QuickPDFTCPService0721;Quick PDF Tools Background Service;c:\program files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe [2010-08-13 1918464]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-14 9644576]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-05 16407656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-09-22 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2012-10-03 22:09; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2012-10-12 21:31; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-31915867.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ISW - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-15 23:46:38
ComboFix-quarantined-files.txt 2012-11-15 22:46
.
Vor Suchlauf: 13 Verzeichnis(se), 75.315.605.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 74.691.170.304 Bytes frei
.
- - End Of File - - 593427FC8E4B77CC8185590A0B640E30
Add-Remove Programs.txt: Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) AAVUpdateManager Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.1) Adobe Reader X (10.1.4) - Deutsch Apple Application Support Apple Software Update Atheros Client Installation Program BatteryLifeExtender Biet-O-Matic v2.14.8 Cam4you utilities Canon iP2700 series Benutzerregistrierung Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer ChargeableUSB Compatibility Pack für 2007 Office System CyberLink DVD Suite CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDirector CyberLink PowerDVD 8 CyberLink PowerProducer CyberLink YouCam DCIMImport 2.0.0.70 Die*Sims*Mittelalter Easy Display Manager Easy Network Manager Easy SpeedUp Manager EasyBatteryManager EclipseCrossword eReg Exact Audio Copy 1.0beta1 FastStone Image Viewer 4.0 FastStone Photo Resizer 2.9 File Uploader Firebird SQL Server - MAGIX Edition Geheimakte Tunguska GIMP 2.6.8 InfoBibliothek 2 Intel(R) Rapid Storage Technology Intel(R) Turbo Boost Technology Driver Java 7 Update 9 Java Auto Updater Junk Mail filter update MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D) MAGIX Online Druck Service MAGIX Screenshare Malwarebytes Anti-Malware Version 1.65.1.1000 Marvell Miniport Driver Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP1 English Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC100_CRT_SP1_x86 MozBackup 1.4.10 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 16.0.2 (x86 de) MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MusicBee Nikon Message Center Nikon Transfer Nokia Connectivity Cable Driver PaperCut Print Logger 1.8 PC Connectivity Solution pdfsam PrimoPDF -- brought to you by Nitro PDF Software Quick PDF Tools 2.1.6.1 Realtek High Definition Audio Driver REALTEK Wireless LAN Software Samsung R-Series Samsung Recovery Solution 4 Samsung Support Center Samsung Update Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition SimCity 4 Deluxe Skype™ 5.10 SmartTrainer Steuer-Spar-Erklärung Plus 2011 Steuer-Spar-Erklärung Plus 2012 StreamTransport version: 1.0.2.2171 TerraTec G5 V6.270.13.00 TheLastRipper 1.4 TIPP10 Version 2.1.0 TV-Browser 3.2 Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) User Guide VideoCam Suite 3.0 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables VLC media player 2.0.1 Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer Windows Movie Maker 2.6 WinMerge 2.12.4 ZoneAlarm Firewall ZoneAlarm Free Firewall ZoneAlarm Security |
|
| Themen zu Links (nicht nur aus Google) oft umgeleitet |
| 7-zip, ad-aware, avg secure search, bho, bonjour, cid, email, error, excel, firefox, flash player, google, links, logfile, mozilla, office 2007, plug-in, problem, realtek, recycle.bin, registry, richtlinie, scan, schulung, secure search, security, software, starten, svchost.exe, tojaner, trojaner, umleitung, virus, visual studio, werbung, windows |
.
Linear-Darstellung
