Benachrichtigungen von MBAM über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1)

weihnachtsen · 23.02.2013, 11:44

Ich bekomme ich letzter Zeit ununterbrochen Benachrichtigungen von Mbam über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1).

Ein Scan brachte aber nichts:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.23.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Duc :: PC [Administrator]

Schutz: Aktiviert

23.02.2013 09:56:07
mbam-log-2013-02-23 (09-56-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419718
Laufzeit: 44 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

M-K-D-B · 23.02.2013, 17:11

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Ich übernehme für Larusso.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt[/B] auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von GMER.

weihnachtsen · 23.02.2013, 20:58

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.02.2013 20:41:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Duc\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,34% Memory free
7,98 Gb Paging File | 6,28 Gb Available in Paging File | 78,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1287,16 Gb Total Space | 1204,91 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
Drive E: | 110,00 Gb Total Space | 109,89 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive G: | 2,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Duc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.02.13 03:29:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.13 03:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.12 21:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.02.12 21:22:26 | 001,276,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.12.20 20:09:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Duc\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2011.01.15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 13:08:20 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.01.22 04:22:06 | 020,320,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2012.12.11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.13 03:29:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.13 03:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.12 22:03:26 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.02.12 21:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 22:01:12 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.02.12 21:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.05 19:11:36 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.26 23:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 16:42:22 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.10.26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.10.26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.02 15:32:01 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2010.02.17 14:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 2D A2 D2 8B EA CD 01  [binary data]
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1747476539-2609456145-3710287080-1004\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
 
[2013.01.25 10:48:18 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: YouTube = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: YouTube = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001..\Run: [StartMenuX] C:\Programme\Start Menu X\StartMenuX.exe (OrdinarySoft)
O4 - HKU\S-1-5-21-1747476539-2609456145-3710287080-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1964F827-014A-4F33-AC7F-131AD06EC4C1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3241BCD1-2173-4DE8-815E-4D0957879611}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 08:46:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.21 15:29:03 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\dvdcss
[2013.02.19 16:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.19 16:05:12 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.02.19 16:05:12 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.02.19 16:05:06 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013.02.19 16:05:05 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013.02.19 16:05:05 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013.02.19 16:05:05 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2013.02.19 16:05:02 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
[2013.02.19 16:05:01 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013.02.19 16:05:01 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013.02.19 16:05:01 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.02.19 16:05:01 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013.02.19 16:05:00 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013.02.19 16:05:00 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013.02.19 16:04:59 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2013.02.19 16:04:57 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013.02.19 16:04:57 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.02.19 16:04:57 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.02.19 16:04:57 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
[2013.02.19 16:04:57 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.02.19 16:04:57 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013.02.19 16:04:57 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.02.19 16:04:56 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013.02.19 16:04:56 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013.02.19 16:04:56 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.02.19 16:04:56 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
[2013.02.19 16:04:56 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013.02.19 16:04:56 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.02.19 16:04:56 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013.02.19 16:04:56 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013.02.19 16:04:56 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013.02.19 16:04:56 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013.02.19 16:04:56 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013.02.19 16:04:56 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013.02.19 16:04:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013.02.19 16:04:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013.02.19 16:04:55 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
[2013.02.19 16:03:26 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.19 16:03:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.19 16:03:24 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.02.19 16:03:24 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.19 16:03:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.19 16:03:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.19 16:03:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.19 16:03:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.19 16:03:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.19 16:03:23 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.02.19 16:03:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.02.19 16:03:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.19 16:02:24 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.19 15:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013.02.19 15:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013.02.19 15:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2013.02.19 15:58:49 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Hotspot Shield
[2013.02.17 14:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.12 22:01:12 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013.02.12 21:51:52 | 000,042,184 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[1 C:\Users\Duc\Documents\*.tmp files -> C:\Users\Duc\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 20:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.23 20:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 17:48:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 17:46:16 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.02.23 17:46:15 | 3421,143,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 08:46:52 | 337,238,165 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.21 19:15:34 | 000,000,355 | ---- | M] () -- C:\Users\Duc\Desktop\Computer - Verknüpfung.lnk
[2013.02.21 19:14:27 | 000,430,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.19 16:00:28 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013.02.17 14:11:39 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.02.12 22:01:12 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013.02.12 21:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013.02.07 00:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.07 00:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Duc\Documents\*.tmp files -> C:\Users\Duc\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 08:46:52 | 337,238,165 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.21 19:15:34 | 000,000,355 | ---- | C] () -- C:\Users\Duc\Desktop\Computer - Verknüpfung.lnk
[2013.02.21 19:14:13 | 000,430,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.19 16:04:55 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.19 16:00:28 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013.01.09 20:27:36 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.20 20:08:54 | 000,000,000 | ---- | C] () -- C:\Users\Duc\defogger_reenable
[2012.12.05 19:09:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.10.26 16:42:24 | 000,336,232 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.10.26 16:42:22 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.10.26 16:42:22 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.12.20 03:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012.12.20 03:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.12.20 01:29:29 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.12.20 01:29:29 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.12.20 01:29:29 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.12.20 03:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2012.12.20 03:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >

--- --- ---

Extras.txtOTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.02.2013 20:41:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Duc\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,34% Memory free
7,98 Gb Paging File | 6,28 Gb Available in Paging File | 78,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1287,16 Gb Total Space | 1204,91 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
Drive E: | 110,00 Gb Total Space | 109,89 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive G: | 2,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Duc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08145BD4-D35D-4151-94C8-3E77F029B95E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B2FEBAE-7D7E-4324-B434-61B8F9AB08C3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0F99D229-A0A4-471C-93D8-7560400D61C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1D254C53-85F4-4F64-AEA3-75E1ECFA4A22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33513E08-D375-49FD-A994-E8C75C0A20C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{345EB036-E8FA-4C7C-B79D-E85FC6574213}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{39472887-E9F3-46A0-A59F-F3114C64E9A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4523202F-2EA8-4A9E-9F97-E793495BAEB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5078CE74-2E7C-4A6B-A63C-5F2F03C7784D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5AAA3C4E-9903-4D55-927E-8B61EDBFAC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6286FE39-BEB6-47CB-ABF6-D8E7832A57FC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{72DE7083-92E8-444A-8210-BEB1187226D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76B18895-DDEF-4273-89E6-00E62204608B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{7E372F8F-ACAF-4BD9-B70E-BB15B3B12241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{816497AF-7F6B-4E1C-B2FF-4E429D421D6D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{92E467E6-7451-40F0-B988-A548EFE7EA8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9D573AD-F6C8-4A1D-8028-646195AEB0D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD383AB5-C45E-4D67-BD1B-DB44A95A753E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E14B9FD8-A73C-4E2D-8F21-A427ABD2D7F5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB47A407-4178-4198-AB9F-53045A263D86}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBBE22BC-6EED-4DD9-A684-E4F6E24F7728}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F14513C8-6A30-4E95-A9A4-F486381498E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02395640-A815-430C-A0AD-CBB8508AEFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{03D6082E-1897-4928-93F7-7B9E1F71D794}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B9B44D1-D7D4-4073-B029-AA139CF094E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BFE36C9-BB6F-4ACB-82FC-6C557BCC995A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0FB8ABBF-955E-4BBB-B08A-0838200B764C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{13D3C2A6-0120-446A-AE87-7EE06268555F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1864EA66-FDA3-45A2-A974-55B75D391A79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{1A4E18DA-A78C-44B7-BACD-4EB6D5DC0DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AD3E5FD-5C36-416B-BD31-A6AA4CD10A6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1C1D0301-1C3A-47A8-B19E-CFD46458704B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{1C8DDD60-BB86-49BE-8F15-FDF34A0A1E29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{1E83A5C5-5B6E-4E27-A9A0-58CB0EA940FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1F689775-2347-46D7-BA40-64E8E2192033}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2669CEAF-8107-4045-9316-BFE5982C443C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{26E458C3-655C-4346-ABAC-AEA659A4A5AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2CA6CE12-7D40-4E80-B72E-D10547ADD717}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2EE05903-2854-4A24-9DA5-61D849B66E58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{320C7F06-399C-4D7F-867A-02B13EE7E1B6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{33E20C51-E998-44E7-B160-F9FACB9432CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{35AF2155-5781-4D3B-97D2-5A7575B6777E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C0E0CBD-6845-4E04-9A3A-5E92FD577D0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{3C64EB43-3C0A-48D1-8ADF-6A6EE9F458E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{3F13490F-C281-47AC-8B80-CD3BEED698A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4069F910-0E6E-4233-A426-9C0865B360B4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{41DCD50F-D2BA-4106-B85D-CF96B773D73F}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{45C0423F-81D6-4836-8F1E-F18C3F4FCBD8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{4654CE52-BB81-40D2-B806-F244B04B3E32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4F5886DB-63D6-4572-ABC9-BCE6798E4129}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{4F77BAC9-B8E7-4819-A3B4-E30DB9FADA72}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{5089CC32-9E49-4172-AAAD-EF8B4E915FD6}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{52BF0C8D-8808-45ED-BF4C-C9682648A82B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{588F42BA-7ACE-437D-B605-31863CF2D2A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{59407969-EF3C-4A6E-BFCA-829179C94D07}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{5A820130-72A1-46E2-9218-6D781CD1097C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{67295093-4D03-4216-9694-FE95A8F4961E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6ACD750A-F649-47F2-A0A2-85668A784B81}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{6CE22305-7722-4FD7-8D60-233EA59B5A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F62F31E-1687-47BB-A880-F9BCC6C3BEAF}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{73E9B37F-8DE6-423E-9154-0548D3C2D698}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{74576298-0960-4172-B3EF-B5F4B965A154}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{85920A7C-D2E0-4610-B7BF-AEECEDBF5EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{868EC7DE-0911-4DCE-8EBF-513E0BC2C2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{89B9F220-F8B6-432D-A9F3-3D2209F6F590}" = protocol=6 | dir=out | app=system | 
"{8AA1B0D6-A0E9-4060-85F7-F0D8A5215FCD}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{8E79C5B2-3148-47AF-971C-975D967DD7D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{92D18D05-48D0-465A-BA7B-18FAB0236DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{9E8D6045-F73E-42E6-BA86-409C636C8324}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A08AD869-A144-40E5-BF01-3522D3B6690B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{A0E59358-0646-4F8F-B941-7EEDA9743F51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{A2000C4C-D87F-4662-AD69-09EDE533AF29}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{A38EFA4D-96A3-43EA-B3B3-8BEEA7AD38C6}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{A6E120FE-3A71-4CD8-80C6-E6F51A8A7A21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AAA84A57-C1E9-4F46-A046-FDEC5F462350}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{AB1DB64E-B8DA-4D2D-9DC8-AF4A9946F277}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{ACE9B2FC-6D45-432B-A029-D94F65EBE8DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACFE7B3B-BDE1-4C40-BF9C-F25E90844D7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AF69A72F-3972-4671-B8DF-49450E21BEFF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{B311930E-D248-4E65-9FD3-3B480BF02D87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{B8C8AEAC-ECA8-4626-9787-9A2196220D80}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{BBBFE515-19FE-40B0-88E8-919EBF82B26D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{CC599B9F-5837-421B-89D6-5B3BCB9FB48F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{CFFFEADD-CB35-401D-8FC8-71B76DA366AF}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{D0961F70-86C2-4267-87F1-F7D991D6A928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D449CC86-658E-4044-9C51-A961C642CA03}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E0A5EE40-2DF8-407F-B860-DEDCE0D3823E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{E0A77A4F-DAB0-4312-8C02-78B62FC2E11E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E36E88B1-52E6-4D9D-9380-6EB976E07892}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EA7A007E-BE47-4A8F-B765-B15CD30BAC25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EACD3606-E19F-4962-8CB5-72D60AD8A0B5}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{EAF5913D-8DCE-4C30-89F6-891B29DF6DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{F0BBB377-1419-4FA5-BA43-92FF33807EF2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{FB648C93-B591-4BDB-A0BE-A2E07EFE300E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X Version 4.47
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"AVG" = AVG 2013
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}" = Steganos Online-Banking 2012
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 2.0.22.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 2.87
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 43110" = Metro 2033
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JDownloader Packages" = JDownloader Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2013 12:54:11 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3453
 
Error - 23.02.2013 12:54:12 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.02.2013 12:54:12 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4672
 
Error - 23.02.2013 12:54:12 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4672
 
Error - 23.02.2013 12:54:13 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.02.2013 12:54:13 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5688
 
Error - 23.02.2013 12:54:13 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5688
 
Error - 23.02.2013 12:54:14 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.02.2013 12:54:14 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6703
 
Error - 23.02.2013 12:54:14 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6703
 
[ System Events ]
Error - 21.02.2013 14:14:35 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 21.02.2013 14:14:35 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 03:46:26 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16
Description = 
 
Error - 23.02.2013 03:47:00 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?02.?2013 um 22:21:05 unerwartet heruntergefahren.
 
Error - 23.02.2013 03:47:01 | Computer Name = PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 03:47:07 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 03:47:07 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 12:46:22 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?02.?2013 um 16:47:00 unerwartet heruntergefahren.
 
Error - 23.02.2013 12:46:28 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 12:46:29 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >

--- --- ---

weihnachtsen · 23.02.2013, 21:00

Extras.txt

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.02.2013 20:41:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Duc\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,34% Memory free
7,98 Gb Paging File | 6,28 Gb Available in Paging File | 78,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1287,16 Gb Total Space | 1204,91 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
Drive E: | 110,00 Gb Total Space | 109,89 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive G: | 2,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Duc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08145BD4-D35D-4151-94C8-3E77F029B95E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B2FEBAE-7D7E-4324-B434-61B8F9AB08C3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0F99D229-A0A4-471C-93D8-7560400D61C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1D254C53-85F4-4F64-AEA3-75E1ECFA4A22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33513E08-D375-49FD-A994-E8C75C0A20C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{345EB036-E8FA-4C7C-B79D-E85FC6574213}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{39472887-E9F3-46A0-A59F-F3114C64E9A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4523202F-2EA8-4A9E-9F97-E793495BAEB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5078CE74-2E7C-4A6B-A63C-5F2F03C7784D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5AAA3C4E-9903-4D55-927E-8B61EDBFAC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6286FE39-BEB6-47CB-ABF6-D8E7832A57FC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{72DE7083-92E8-444A-8210-BEB1187226D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76B18895-DDEF-4273-89E6-00E62204608B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{7E372F8F-ACAF-4BD9-B70E-BB15B3B12241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{816497AF-7F6B-4E1C-B2FF-4E429D421D6D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{92E467E6-7451-40F0-B988-A548EFE7EA8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9D573AD-F6C8-4A1D-8028-646195AEB0D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD383AB5-C45E-4D67-BD1B-DB44A95A753E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E14B9FD8-A73C-4E2D-8F21-A427ABD2D7F5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB47A407-4178-4198-AB9F-53045A263D86}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBBE22BC-6EED-4DD9-A684-E4F6E24F7728}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F14513C8-6A30-4E95-A9A4-F486381498E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02395640-A815-430C-A0AD-CBB8508AEFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{03D6082E-1897-4928-93F7-7B9E1F71D794}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B9B44D1-D7D4-4073-B029-AA139CF094E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BFE36C9-BB6F-4ACB-82FC-6C557BCC995A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0FB8ABBF-955E-4BBB-B08A-0838200B764C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{13D3C2A6-0120-446A-AE87-7EE06268555F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1864EA66-FDA3-45A2-A974-55B75D391A79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{1A4E18DA-A78C-44B7-BACD-4EB6D5DC0DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AD3E5FD-5C36-416B-BD31-A6AA4CD10A6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1C1D0301-1C3A-47A8-B19E-CFD46458704B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{1C8DDD60-BB86-49BE-8F15-FDF34A0A1E29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{1E83A5C5-5B6E-4E27-A9A0-58CB0EA940FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1F689775-2347-46D7-BA40-64E8E2192033}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2669CEAF-8107-4045-9316-BFE5982C443C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{26E458C3-655C-4346-ABAC-AEA659A4A5AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2CA6CE12-7D40-4E80-B72E-D10547ADD717}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2EE05903-2854-4A24-9DA5-61D849B66E58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{320C7F06-399C-4D7F-867A-02B13EE7E1B6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{33E20C51-E998-44E7-B160-F9FACB9432CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{35AF2155-5781-4D3B-97D2-5A7575B6777E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C0E0CBD-6845-4E04-9A3A-5E92FD577D0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{3C64EB43-3C0A-48D1-8ADF-6A6EE9F458E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{3F13490F-C281-47AC-8B80-CD3BEED698A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4069F910-0E6E-4233-A426-9C0865B360B4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{41DCD50F-D2BA-4106-B85D-CF96B773D73F}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{45C0423F-81D6-4836-8F1E-F18C3F4FCBD8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{4654CE52-BB81-40D2-B806-F244B04B3E32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4F5886DB-63D6-4572-ABC9-BCE6798E4129}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{4F77BAC9-B8E7-4819-A3B4-E30DB9FADA72}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{5089CC32-9E49-4172-AAAD-EF8B4E915FD6}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{52BF0C8D-8808-45ED-BF4C-C9682648A82B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{588F42BA-7ACE-437D-B605-31863CF2D2A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{59407969-EF3C-4A6E-BFCA-829179C94D07}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{5A820130-72A1-46E2-9218-6D781CD1097C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{67295093-4D03-4216-9694-FE95A8F4961E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6ACD750A-F649-47F2-A0A2-85668A784B81}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{6CE22305-7722-4FD7-8D60-233EA59B5A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F62F31E-1687-47BB-A880-F9BCC6C3BEAF}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{73E9B37F-8DE6-423E-9154-0548D3C2D698}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{74576298-0960-4172-B3EF-B5F4B965A154}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{85920A7C-D2E0-4610-B7BF-AEECEDBF5EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{868EC7DE-0911-4DCE-8EBF-513E0BC2C2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{89B9F220-F8B6-432D-A9F3-3D2209F6F590}" = protocol=6 | dir=out | app=system | 
"{8AA1B0D6-A0E9-4060-85F7-F0D8A5215FCD}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{8E79C5B2-3148-47AF-971C-975D967DD7D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{92D18D05-48D0-465A-BA7B-18FAB0236DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{9E8D6045-F73E-42E6-BA86-409C636C8324}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A08AD869-A144-40E5-BF01-3522D3B6690B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{A0E59358-0646-4F8F-B941-7EEDA9743F51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{A2000C4C-D87F-4662-AD69-09EDE533AF29}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{A38EFA4D-96A3-43EA-B3B3-8BEEA7AD38C6}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{A6E120FE-3A71-4CD8-80C6-E6F51A8A7A21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AAA84A57-C1E9-4F46-A046-FDEC5F462350}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{AB1DB64E-B8DA-4D2D-9DC8-AF4A9946F277}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{ACE9B2FC-6D45-432B-A029-D94F65EBE8DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACFE7B3B-BDE1-4C40-BF9C-F25E90844D7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AF69A72F-3972-4671-B8DF-49450E21BEFF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{B311930E-D248-4E65-9FD3-3B480BF02D87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{B8C8AEAC-ECA8-4626-9787-9A2196220D80}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{BBBFE515-19FE-40B0-88E8-919EBF82B26D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{CC599B9F-5837-421B-89D6-5B3BCB9FB48F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{CFFFEADD-CB35-401D-8FC8-71B76DA366AF}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{D0961F70-86C2-4267-87F1-F7D991D6A928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D449CC86-658E-4044-9C51-A961C642CA03}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E0A5EE40-2DF8-407F-B860-DEDCE0D3823E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{E0A77A4F-DAB0-4312-8C02-78B62FC2E11E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E36E88B1-52E6-4D9D-9380-6EB976E07892}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EA7A007E-BE47-4A8F-B765-B15CD30BAC25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EACD3606-E19F-4962-8CB5-72D60AD8A0B5}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{EAF5913D-8DCE-4C30-89F6-891B29DF6DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{F0BBB377-1419-4FA5-BA43-92FF33807EF2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{FB648C93-B591-4BDB-A0BE-A2E07EFE300E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X Version 4.47
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"AVG" = AVG 2013
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}" = Steganos Online-Banking 2012
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 2.0.22.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 2.87
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 43110" = Metro 2033
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1747476539-2609456145-3710287080-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JDownloader Packages" = JDownloader Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2013 12:54:11 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3453
 
Error - 23.02.2013 12:54:12 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.02.2013 12:54:12 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4672
 
Error - 23.02.2013 12:54:12 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4672
 
Error - 23.02.2013 12:54:13 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.02.2013 12:54:13 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5688
 
Error - 23.02.2013 12:54:13 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5688
 
Error - 23.02.2013 12:54:14 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.02.2013 12:54:14 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6703
 
Error - 23.02.2013 12:54:14 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6703
 
[ System Events ]
Error - 21.02.2013 14:14:35 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 21.02.2013 14:14:35 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 03:46:26 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16
Description = 
 
Error - 23.02.2013 03:47:00 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?02.?2013 um 22:21:05 unerwartet heruntergefahren.
 
Error - 23.02.2013 03:47:01 | Computer Name = PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 03:47:07 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 03:47:07 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 12:46:22 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?02.?2013 um 16:47:00 unerwartet heruntergefahren.
 
Error - 23.02.2013 12:46:28 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.02.2013 12:46:29 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >

--- --- ---

defogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:04 on 23/02/2013 (Duc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Gmer

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19081 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-23 21:20:59
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD155UI rev.1AQ10001 1397,27GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\Duc\AppData\Local\Temp\pxloapow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                  fffff960001a4300 7 bytes [C0, 85, 1B, 01, 00, F2, 9B]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                              fffff960001a4308 5 bytes [01, A8, E4, FF, 00]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\wininit.exe[904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\winlogon.exe[976] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\winlogon.exe[976] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1020] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1020] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\dwm.exe[1216] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\dwm.exe[1216] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fbb7a71532 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fbb7a7153a 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fbb7a7165a 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1352] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1352] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1352] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                          000007fbb7a71532 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1352] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                          000007fbb7a7153a 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\system32\nvvsvc.exe[1352] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                        000007fbb7a7165a 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\System32\svchost.exe[1364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\svchost.exe[1364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1660] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1660] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\Bonjour\mDNSResponder.exe[1904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                    000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\Bonjour\mDNSResponder.exe[1904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                    000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\dashost.exe[2092] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\dashost.exe[2092] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[2392] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[2392] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[3412] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\svchost.exe[3412] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\svchost.exe[2872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\System32\svchost.exe[2872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\DllHost.exe[3836] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\DllHost.exe[3836] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\taskhostex.exe[1240] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                            000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\taskhostex.exe[1240] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                            000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\Explorer.EXE[1580] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                       000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\Explorer.EXE[1580] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                       000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                  000007fbb7a71532 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                  000007fbb7a7153a 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                000007fbb7a7165a 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                        000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                        000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[5104] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[5104] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\Start Menu X\StartMenuX.exe[4464] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 690                                            000007fbb7a71532 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\Start Menu X\StartMenuX.exe[4464] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 698                                            000007fbb7a7153a 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\Start Menu X\StartMenuX.exe[4464] C:\Windows\SYSTEM32\msimg32.dll!TransparentBlt + 246                                          000007fbb7a7165a 4 bytes [A7, B7, FB, 07]
.text   C:\Program Files\Start Menu X\StartMenuX.exe[4464] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\Start Menu X\StartMenuX.exe[4464] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\iPod\bin\iPodService.exe[4988] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                     000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Program Files\iPod\bin\iPodService.exe[4988] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                     000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\splwow64.exe[3348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                       000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\splwow64.exe[3348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                       000007fbbb941782 4 bytes [94, BB, FB, 07]
.text   C:\Windows\splwow64.exe[3348] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                 000007fbb7a71532 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\splwow64.exe[3348] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                 000007fbb7a7153a 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\splwow64.exe[3348] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                               000007fbb7a7165a 4 bytes [A7, B7, FB, 07]
.text   C:\Windows\system32\msiexec.exe[7000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fbbb94177a 4 bytes [94, BB, FB, 07]
.text   C:\Windows\system32\msiexec.exe[7000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fbbb941782 4 bytes [94, BB, FB, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [920:936]                                                                                                          fffff960008595e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                1276909453

---- Files - GMER 2.1 ----

File    C:\Windows\apppatch\AcGenral.dll                                                                                                                 (size mismatch) 158768/2360320 bytes executable
File    C:\Windows\apppatch\AcLayers.dll                                                                                                                 (size mismatch) 1742832/311296 bytes executable
File    C:\Windows\apppatch\AcWinRT.dll                                                                                                                  (size mismatch) 1217328/9216 bytes executable
File    C:\Windows\apppatch\apppatch64\AcWinRT.dll                                                                                                       (size mismatch) 307192/11264 bytes executable
File    C:\Windows\apppatch\apppatch64\AcXtrnal.dll                                                                                                      (size mismatch) 339456/13312 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\de-DE                                       0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\de-DE\MpAsDesc.dll.mui                      50688 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\de-DE\MpEvMsg.dll.mui                       28160 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\de-DE\MsMpRes.dll.mui                       91136 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\EppManifest.dll                             146944 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpAsDesc.dll                                104960 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpClient.dll                                901632 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpCmdRun.exe                                292688 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpCommu.dll                                 292352 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpEvMsg.dll                                 95232 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpOAV.dll                                   54272 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpRtp.dll                                   537600 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpSvc.dll                                   1469952 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpTpmAtt.dll                                34304 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpUtil.dll                                  193536 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\mpuxhostproxy.dll                           12288 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MpUXSrv.exe                                 38912 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MSASCui.exe                                 1304064 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MsMpCom.dll                                 65024 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MsMpEng.exe                                 15440 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MsMpLics.dll                                3584 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9cf756f41a714a9a685973aafee744b5\MsMpRes.dll                                 432128 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE                                       0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\mpvis.dll.mui                         2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\setup_wm.exe.mui                      65024 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\wmlaunch.exe.mui                      2048 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\wmplayer.exe.mui                      2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\WMPMediaSharing.dll.mui               2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\wmpnetwk.exe.mui                      47616 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\wmpnscfg.exe.mui                      3072 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\wmpnssci.dll.mui                      4096 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\wmpnssui.dll.mui                      2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\de-DE\WMPSideShowGadget.exe.mui             4096 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Icons                                       0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer                              0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\avtransport.xml              20699 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\connectionmanager_dmr.xml    5375 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\DMR_120.jpg                  2979 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\DMR_120.png                  14876 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\DMR_48.jpg                   1220 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\DMR_48.png                   4265 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\RenderingControl.xml         6363 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Media Renderer\RenderingControl_DMP.xml     2355 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\mpvis.DLL                                   291328 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing                             0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\ConnectionManager.xml       5422 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\ContentDirectory.xml        7515 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\MediaReceiverRegistrar.xml  2574 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color120.jpg         4743 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color120.png         16037 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color32.bmp          4152 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color32.jpg          1859 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color48.bmp          9272 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color48.jpg          2320 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Network Sharing\wmpnss_color48.png          5022 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\setup_wm.exe                                2050560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Skins                                       0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Skins\Revert.wmz                            66823 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\Visualizations                              0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmlaunch.exe                                244736 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmpconfig.exe                               1093880 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmplayer.exe                                0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\WMPMediaSharing.dll                         140288 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmpnetwk.exe                                0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmpnscfg.exe                                68096 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmpnssci.dll                                0 bytes
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\WMPNSSUI.dll                                18944 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmprph.exe                                  75264 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\wmpshare.exe                                354816 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\de521c9972f3899c2cab453700e39cfc\WMPSideShowGadget.exe                       164352 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\mpvis.dll.mui                               2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\setup_wm.exe.mui                            65024 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\wmlaunch.exe.mui                            2048 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\wmplayer.exe.mui                            2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\WMPMediaSharing.dll.mui                     2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\wmpnetwk.exe.mui                            47616 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\wmpnscfg.exe.mui                            3072 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\wmpnssci.dll.mui                            4096 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\wmpnssui.dll.mui                            2560 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Macb3acae#\6749216699748ea1839947555f12aac8\WMPSideShowGadget.exe.mui                   4096 bytes executable
File    C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V883708cb#\84f7412d8b3ac59fa922160f84c9f1e4\de-DE                                       0 bytes

---- EOF - GMER 2.1 ----

--- --- ---

M-K-D-B · 24.02.2013, 11:35

Servus,

Poste mir als erstes diese Benachrichtigungen von MBAM:

Bitte alle Logs mit Funden posten

weihnachtsen · 24.02.2013, 12:05

Das sind ungefähr 30 Textdateien mit dem (fast) gleichen Inhalt... soll ich sie trotzdem posten?

M-K-D-B · 24.02.2013, 12:47

Servus,

eine Logdatei genügt mir, in der "127.0.0.1" zu finden ist.

M-K-D-B · 28.02.2013, 16:40

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

weihnachtsen · 15.03.2013, 23:31

Hi,

sorry für die fehlende Rückmeldung. Da die Meldung seitdem nicht mehr erschien und Mbam keine Ergebnisse zeigte, dachte ich der Pc wäre geheilt. Hab heute aber mal meinen PC durch AVG scannen lassen. Meine Internetverbindung läuft auch nicht flüssig.

Hier die Funde:
"";"Trojaner: IRC/BackDoor.SdBot4.ADKD, C:\Program Files\iPod\bin\iPodService.exe (5396)";"Gesichert"

Der permannente Ip-Block fand nur am 24.02. statt, dann nie wieder...

Zitat:

2013/02/24 10:22:10 +0100 PC (null) MESSAGE Starting protection
2013/02/24 10:22:11 +0100 PC (null) MESSAGE Protection started successfully
2013/02/24 10:22:11 +0100 PC (null) MESSAGE Starting IP protection
2013/02/24 10:22:12 +0100 PC (null) MESSAGE IP Protection started successfully
2013/02/24 10:22:19 +0100 PC (null) IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49158, Process: hsssrv.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49253, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49254, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49255, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49256, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49257, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49258, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49259, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49260, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49261, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49262, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49263, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49264, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49265, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49266, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49267, Process: nvtray.exe)
2013/02/24 10:22:59 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 49268, Process: nvtray.exe)
...
...die gleiche Meldung kommt jetzt ca. 10.000 mal noch
...
2013/02/24 10:28:58 +0100 PC Duc IP-BLOCK 127.0.0.1 (Type: outgoing, Port: 56151, Process: nvtray.exe)
2013/02/24 10:28:59 +0100 PC Duc MESSAGE Executing scheduled update: Daily
2013/02/24 10:29:06 +0100 PC Duc MESSAGE Scheduled update executed successfully: database updated from version v2013.02.23.03 to version v2013.02.24.01
2013/02/24 10:29:06 +0100 PC Duc MESSAGE Starting database refresh
2013/02/24 10:29:06 +0100 PC Duc MESSAGE Stopping IP protection
2013/02/24 10:29:06 +0100 PC Duc MESSAGE IP Protection stopped successfully
2013/02/24 10:29:08 +0100 PC Duc MESSAGE Database refreshed successfully
2013/02/24 10:29:08 +0100 PC Duc MESSAGE Starting IP protection
2013/02/24 10:29:10 +0100 PC Duc MESSAGE IP Protection started successfully
2013/02/24 13:09:36 +0100 PC (null) MESSAGE Starting protection
2013/02/24 13:09:36 +0100 PC (null) MESSAGE Protection started successfully
2013/02/24 13:09:36 +0100 PC (null) MESSAGE Starting IP protection
2013/02/24 13:09:38 +0100 PC (null) MESSAGE IP Protection started successfully
2013/02/24 15:29:43 +0100 PC Duc MESSAGE Stopping IP protection
2013/02/24 15:29:43 +0100 PC Duc MESSAGE IP Protection stopped successfully

M-K-D-B · 16.03.2013, 10:27

Servus,

Zitat:

Zitat von weihnachtsen

Meine Internetverbindung läuft auch nicht flüssig.

Was am iPodService liegen kann:

Zitat:

Zitat von weihnachtsen

Hier die Funde:
"";"Trojaner: IRC/BackDoor.SdBot4.ADKD, C:\Program Files\iPod\bin\iPodService.exe (5396)";"Gesichert"

Allerdings ist das eine Falschmeldung von AVG, du brauchst dir keine Sorgen machen.

Zitat:

Zitat von weihnachtsen

Der permannente Ip-Block fand nur am 24.02. statt, dann nie wieder...

Der IP Block von MBAM zeigt nichts Besorgniserregendes an.

Da die Logdateien schon alt sind, bitte ich dich, OTL und GMER nochmal laufen zu lassen und die Logdateien zu posten.

M-K-D-B · 19.03.2013, 17:36

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

weihnachtsen · 01.08.2013, 16:39

Ich möchte gerne noch weitermachen. Habe mal nach einem halben Jahr wieder einen Scan durchgeführt. Mbam findet 3 infizierte Dateien, hängt sich jedoch immer mitten im Scan auf und deswegen kann ich die Dateien nicht aufspüren.

M-K-D-B · 01.08.2013, 17:43

Servus,

bei derart großen Zeitabständen empfehle ich dir, ein neues Thema aufzumachen, da mittlerweile zu viel auf deinem Rechner passiert ist.

Alles Gute!

24.02.2013, 11:35	#5
M-K-D-B /// TB-Ausbilder	Benachrichtigungen von MBAM über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1) Servus, Poste mir als erstes diese Benachrichtigungen von MBAM: Bitte alle Logs mit Funden posten

24.02.2013, 12:47	#7
M-K-D-B /// TB-Ausbilder	Benachrichtigungen von MBAM über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1) Servus, eine Logdatei genügt mir, in der "127.0.0.1" zu finden ist.

01.08.2013, 17:43	#13
M-K-D-B /// TB-Ausbilder	Benachrichtigungen von MBAM über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1) Servus, bei derart großen Zeitabständen empfehle ich dir, ein neues Thema aufzumachen, da mittlerweile zu viel auf deinem Rechner passiert ist. Alles Gute!

Benachrichtigungen von MBAM über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1)

Plagegeister aller Art und deren Bekämpfung: Benachrichtigungen von MBAM über gestoppte Zugänge zu einer potenziell gefährlichen Website (127.0.0.1)