Pests of all kinds and how to fight them: affected by adserverplus.com and it persists stubbornly

18.03.2013, 08:47   #1
Nr45
 

Hello,

my computer has been infected by the "Adserverplus.com" trojan / virus
and I need support to get rid of the thing.
Somehow I can't manage it.

I must have caught the thing when I was notified of an update for Skype. After running it, I was offered all sorts of additional stuff to download, which I declined. But somehow it was already too late by then.
It may also have happened earlier.

I installed Malwarebytes and ran it.
The program found a few things:
16.03.2013 10:08:30
mbam-log-2013-03-16 (10-08-30).txt
Infizierte Dateien: 1
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
16.03.2013 14:05:11
mbam-log-2013-03-16 (14-05-11).txt
Infizierte Dateien: 2
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Keine Aktion durchgeführt.
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\CCleaner Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
17.03.2013 08:33:33
mbam-log-2013-03-17 (08-33-33).txt
Infizierte Dateien: 1
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

I also ran aswMBR and attached the corresponding log file.
The log file from OTL is enclosed as well.
The program adwcleaner finds nothing.

Thanks for your help!
The antivirus running is GDATA AntiVirus 2013
Attached files
File type: txt mbam-log-2013-03-17 (08-33-33).txt (2.5 KB, viewed 149 times)
File type: txt mbam-log-2013-03-16 (10-08-30).txt (2.3 KB, viewed 159 times)
File type: txt mbam-log-2013-03-16 (14-05-11).txt (2.9 KB, viewed 148 times)
File type: txt aswMBR_3_komplett.txt (2.0 KB, viewed 144 times)

Edited by Nr45 (18.03.2013 at 09:04)

18.03.2013, 12:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; just post the logs that already exist first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

18.03.2013, 13:10   #3
Nr45
 

Hello,
the thing with the code only became clear to me later. Sorry.


Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolff :: CAD [Administrator]

Schutz: Aktiviert

16.03.2013 10:08:30
mbam-log-2013-03-16 (10-08-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261377
Laufzeit: 1 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{D7926497-E476-489B-B4E9-DBFCA45483A2}\IconD79264971.bmp (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolff :: CAD [Administrator]

Schutz: Aktiviert

16.03.2013 14:05:11
mbam-log-2013-03-16 (14-05-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 766570
Laufzeit: 1 Stunde(n), 13 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Keine Aktion durchgeführt.
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\CCleaner Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolff :: CAD [Administrator]

Schutz: Aktiviert

17.03.2013 08:33:33
mbam-log-2013-03-17 (08-33-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 766611
Laufzeit: 1 Stunde(n), 9 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
G:\RECYCLER\S-1-5-21-839522115-1767777339-1801674531-1003\Dd124\special\Center\Apps\_Nirsoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-18 07:51:15
-----------------------------
07:51:15.775    OS Version: Windows x64 6.1.7601 Service Pack 1
07:51:15.776    Number of processors: 4 586 0x3A09
07:51:15.776    ComputerName: CAD  UserName: 
07:51:16.083    Initialize success
07:51:21.941    AVAST engine defs: 13031701
07:51:23.436    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
07:51:23.437    Disk 0 Vendor: MAXTOR_STM3500320AS MX15 Size: 476940MB BusType: 11
07:51:23.512    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
07:51:23.513    Disk 1 Vendor: SanDisk_SDSSDX120GG25 R112 Size: 114473MB BusType: 11
07:51:23.591    Disk 1 MBR read successfully
07:51:23.593    Disk 1 MBR scan
07:51:23.597    Disk 1 Windows 7 default MBR code
07:51:23.598    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
07:51:23.604    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
07:51:23.652    Disk 1 scanning C:\Windows\system32\drivers
07:51:32.230    Service scanning
07:51:39.610    Modules scanning
07:51:39.618    Disk 1 trace - called modules:
07:51:39.629    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
07:51:39.635    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006f02060]
07:51:39.638    3 CLASSPNP.SYS[fffff8800191a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800694f060]
07:51:39.965    AVAST engine scan C:\Windows
07:51:43.970    AVAST engine scan C:\Windows\system32
07:53:52.015    AVAST engine scan C:\Windows\system32\drivers
07:53:55.880    AVAST engine scan C:\Users\Wolff
07:54:52.394    AVAST engine scan C:\ProgramData
07:55:14.183    Scan finished successfully
07:59:47.058    Disk 1 MBR has been saved successfully to "C:\Users\Wolff\Desktop\System\entferner\MBR.dat"
07:59:47.061    The log file has been saved successfully to "C:\Users\Wolff\Desktop\System\entferner\aswMBR_3_komplett.txt"
         
OTL logfile

Code:
OTL logfile created on: 18.03.2013 08:34:17 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolff\Desktop\System\entferner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,47% Memory free
15,97 Gb Paging File | 12,24 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): f:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 39,32 Gb Free Space | 35,20% Space Free | Partition Type: NTFS
Drive F: | 107,42 Gb Total Space | 45,76 Gb Free Space | 42,59% Space Free | Partition Type: NTFS
Drive G: | 358,33 Gb Total Space | 118,32 Gb Free Space | 33,02% Space Free | Partition Type: NTFS
 
Computer Name: CAD | User Name: Wolff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.02.21 19:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wolff\Desktop\System\entferner\OTL.exe
PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013.01.18 16:57:35 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.04.03 10:14:10 | 006,082,560 | ---- | M] (Visagesoft) -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe
PRC - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.03.19 14:10:42 | 000,169,984 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe
PRC - [2011.12.23 16:26:44 | 000,347,792 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
PRC - [2011.12.10 21:12:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.01 09:27:00 | 010,200,240 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe
PRC - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.12.23 11:08:47 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.09.12 16:32:22 | 001,416,504 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- C:\Program Files (x86)\FreeCommander\FreeCommander.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.12.15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.09.25 21:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2005.05.03 23:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013.02.14 09:16:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.14 09:06:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 07:42:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 07:42:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 07:41:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 07:41:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 07:41:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 07:41:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.04.02 18:36:36 | 004,680,704 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfcore160.bpl
MOD - [2012.04.02 18:36:36 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfeditor160.bpl
MOD - [2012.04.02 18:36:36 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\expertpdfcore160.bpl
MOD - [2012.04.02 18:36:34 | 002,672,640 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsvector160.bpl
MOD - [2012.04.02 18:36:34 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsprinters160.bpl
MOD - [2012.04.02 18:36:34 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprinter160.bpl
MOD - [2012.04.02 18:36:32 | 002,693,120 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\BBlite160.bpl
MOD - [2012.04.02 18:36:32 | 002,253,824 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\PKIECtrl160.bpl
MOD - [2012.04.02 18:36:32 | 001,186,816 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\TMSlite160.bpl
MOD - [2012.04.02 18:36:32 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspropsaver160.bpl
MOD - [2012.03.19 14:10:12 | 001,278,976 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPI.dll
MOD - [2012.02.23 15:11:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vstrees160.bpl
MOD - [2011.10.05 09:32:28 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll
MOD - [2011.09.30 18:10:22 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\js32.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.12.15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.11 11:22:08 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.12 21:29:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.08 19:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013.01.18 16:57:35 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.09.28 18:52:44 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.09.25 14:56:37 | 000,301,760 | ---- | M] () [Auto | Running] -- C:\Programme\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.12.10 21:12:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.12.23 11:08:47 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.05.03 23:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe -- (MSSQL$SIBBAUWERKE)
SRV - [2005.05.03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL$SIBBAUWERKE\Binn\sqlagent.EXE -- (SQLAgent$SIBBAUWERKE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.11 11:22:08 | 000,331,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2013.02.11 11:22:08 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2013.02.11 11:22:06 | 000,303,304 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2013.02.11 11:22:06 | 000,141,256 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2013.02.11 11:22:06 | 000,090,056 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2013.02.11 11:22:06 | 000,063,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2013.01.22 17:08:56 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2013.01.10 21:43:58 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.10 21:43:57 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.10 21:43:57 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.10 21:43:57 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.10 21:43:57 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.01.03 09:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 09:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.10.03 08:55:13 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.03 14:01:20 | 000,677,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.09.25 21:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.09.25 21:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.idea.de/startseite.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 E7 B8 2F AC 0D CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\hp.com/hpePrintShare: C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL (hp)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.04 12:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.08 15:05:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.16 08:12:56 | 000,000,000 | ---D | M]
 
[2013.02.08 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Wolff\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: hp ePrint&Share (Enabled) = C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech SetPoint = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Google Mail = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Auto Lyrics = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Heleni Uploader] C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MBoxUtil Clean] C:\Program Files (x86)\KONICA MINOLTA\BOX Utility\BoxUtil.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SfWinStartInfo] C:\Program Files (x86)\SFirm32\sfWinStartupInfo.exe (BIVG Hannover)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [neoSearch] C:\Users\Wolff\AppData\Roaming\KoshyJohn.com\neoSearch\neoSearch.exe (KoshyJohn.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E97791-E79B-461C-8829-74443A2FEB33}: NameServer = 192.168.137.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.15 12:22:57 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\starter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 09:59:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.17 09:59:08 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.17 07:06:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.16 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\Malwarebytes
[2013.03.16 10:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 10:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 10:07:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.16 10:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.16 08:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics
[2013.03.13 21:08:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 21:08:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 21:08:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 21:08:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 21:08:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 21:08:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 21:08:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 21:08:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 21:08:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 21:08:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 21:08:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 21:08:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 21:08:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 21:08:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 21:08:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Readiris
[2013.03.12 22:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S.
[2013.03.12 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Readiris Pro 12
[2013.03.12 22:12:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.03.08 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Logishrd
[2013.03.08 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.03.08 15:00:51 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2013.03.08 15:00:14 | 022,309,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.08 15:00:14 | 018,584,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.08 15:00:14 | 016,470,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.08 15:00:14 | 013,013,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.08 15:00:14 | 012,010,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.08 15:00:14 | 007,132,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.08 15:00:14 | 006,561,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.08 15:00:14 | 005,306,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.08 15:00:14 | 002,946,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.08 15:00:14 | 002,806,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.08 15:00:14 | 002,344,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.08 15:00:14 | 002,215,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.08 15:00:14 | 002,084,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.08 15:00:14 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.03.08 15:00:14 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.03.07 12:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2013.03.07 07:58:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.07 07:58:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.07 07:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.06 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\HEITKER
[2013.03.04 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Wondershare PDF to Word
[2013.03.02 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\UltraVNC
[2013.03.02 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2013.03.02 10:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\uvnc bvba
[2013.03.01 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.27 18:00:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 18:00:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 18:00:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 18:00:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 17:59:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 17:59:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 17:59:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 17:59:58 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 17:59:58 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 17:59:58 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 17:59:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 17:59:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 17:59:58 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 17:59:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 17:59:58 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 17:59:57 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 17:59:57 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 17:59:57 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 17:59:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 17:59:57 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 17:59:57 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 17:59:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 17:59:57 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.23 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.thumbnails
[2013.02.23 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\fontconfig
[2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\gegl-0.2
[2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.gimp-2.8
[2013.02.23 16:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.02.23 10:16:09 | 000,026,112 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\vncmirror.dll
[2013.02.23 10:16:09 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys
[2013.02.22 12:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.02.22 12:37:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.02.22 12:37:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.02.22 12:37:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.22 12:37:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.02.22 12:37:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.02.22 12:37:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.02.22 12:37:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.02.22 12:37:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.02.22 12:37:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.02.22 12:37:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.02.22 12:37:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.02.22 12:37:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.02.22 12:37:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.02.22 12:37:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.02.22 12:37:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.02.22 12:37:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.02.22 12:37:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.02.22 12:37:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.02.22 12:37:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.02.22 12:37:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.02.22 12:37:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.02.22 12:37:44 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.02.22 12:37:36 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.02.22 12:33:18 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\XnView
[2013.02.22 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Secunia PSI
[2013.02.22 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.02.21 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.20 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.20 12:11:52 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.20 12:11:52 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.18 08:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 08:03:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.03.18 07:42:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.18 07:42:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.18 06:58:53 | 001,011,756 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.03.18 06:58:53 | 000,053,051 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.03.18 06:53:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 03:23:20 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 03:23:20 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 03:20:35 | 001,704,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.18 03:20:35 | 000,732,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.18 03:20:35 | 000,679,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.18 03:20:35 | 000,164,332 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.18 03:20:35 | 000,133,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.18 03:16:08 | 2121,637,887 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 10:07:40 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 09:19:58 | 000,000,216 | ---- | M] () -- C:\Users\Wolff\defogger_reenable
[2013.03.14 17:43:32 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.13 18:10:57 | 000,125,420 | ---- | M] () -- C:\Users\Wolff\Documents\Readiris.DUS
[2013.03.13 09:58:45 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV24.dll
[2013.03.12 22:13:22 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk
[2013.03.12 22:13:22 | 000,000,150 | ---- | M] () -- C:\Windows\Readiris.ini
[2013.03.12 21:29:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.12 21:29:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 08:29:35 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV14.dll
[2013.03.11 19:07:02 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk
[2013.03.08 15:05:46 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.03.07 12:14:29 | 000,003,652 | ---- | M] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk
[2013.03.07 07:58:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.07 07:58:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.07 07:58:33 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.07 07:58:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.06 16:50:04 | 000,275,160 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppr4-x64.dll
[2013.03.06 16:49:58 | 000,250,072 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppmon4.dll
[2013.03.02 07:59:03 | 000,000,241 | ---- | M] () -- C:\Users\Wolff\Documents\ax_files.xml
[2013.02.23 16:20:53 | 000,001,518 | ---- | M] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel
[2013.02.22 12:33:14 | 000,001,799 | ---- | M] () -- C:\Users\Wolff\Desktop\XnView.lnk
[2013.02.22 12:32:22 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013.02.22 12:31:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.22 12:29:36 | 000,001,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.22 10:52:13 | 000,001,168 | ---- | M] () -- C:\Users\Wolff\Desktop\PC-Adreßzz! 7.x.LNK
[2013.02.22 10:50:09 | 000,001,197 | ---- | M] () -- C:\Users\Wolff\Desktop\Safer Mail 6.x.LNK
[2013.02.21 19:16:13 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.20 20:07:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.19 09:06:25 | 000,000,243 | ---- | M] () -- C:\Users\Wolff\Documents\acad.err
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.16 10:07:40 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 09:19:58 | 000,000,216 | ---- | C] () -- C:\Users\Wolff\defogger_reenable
[2013.03.16 08:12:58 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.03.13 18:03:10 | 000,125,420 | ---- | C] () -- C:\Users\Wolff\Documents\Readiris.DUS
[2013.03.12 22:13:22 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk
[2013.03.12 22:13:22 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2013.03.11 19:07:07 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV24.dll
[2013.03.11 19:07:02 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk
[2013.03.07 12:14:29 | 000,003,652 | ---- | C] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk
[2013.02.23 16:20:53 | 000,001,518 | ---- | C] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel
[2013.02.23 16:04:13 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.02.22 12:33:14 | 000,001,799 | ---- | C] () -- C:\Users\Wolff\Desktop\XnView.lnk
[2013.02.22 12:29:36 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.22 12:29:36 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.02.21 19:28:02 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.21 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.20 12:11:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 09:06:25 | 000,000,243 | ---- | C] () -- C:\Users\Wolff\Documents\acad.err
[2013.02.02 19:05:31 | 000,004,608 | ---- | C] () -- C:\Users\Wolff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.13 16:43:42 | 000,700,365 | ---- | C] () -- C:\Windows\unins000.exe
[2012.10.13 16:43:42 | 000,032,607 | ---- | C] () -- C:\Windows\unins000.dat
[2012.10.03 09:55:25 | 000,007,143 | ---- | C] () -- C:\Windows\Rohre.ini
[2012.10.03 09:07:58 | 001,511,936 | ---- | C] () -- C:\Windows\SysWow64\Vdk200.dll
[2012.10.03 09:07:58 | 001,121,280 | ---- | C] () -- C:\Windows\SysWow64\flt_pdf.dll
[2012.10.03 09:07:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\vgw_url.dll
[2012.10.03 09:07:58 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\flt_rec.dll
[2012.10.03 09:07:58 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\flt_kv.dll
[2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_tofl.dll
[2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_meta.dll
[2012.10.03 09:07:58 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\flt_tobf.dll
[2012.10.03 09:07:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\utf7.dll
[2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\utf8.dll
[2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\unicode.dll
[2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\europa3.dll
[2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XTree.ini
[2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XSearch.ini
[2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XIndex.ini
[2012.10.01 12:27:42 | 000,000,221 | ---- | C] () -- C:\Windows\espia.ini
[2012.10.01 12:22:24 | 000,000,353 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.10.01 12:20:25 | 000,000,227 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.10.01 10:51:30 | 000,000,093 | ---- | C] () -- C:\Users\Wolff\AppData\Local\fusioncache.dat
[2012.09.29 14:18:02 | 001,011,756 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.28 20:00:06 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV14.dll
[2012.09.28 19:31:53 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\moyocore.dll
[2012.09.28 19:31:24 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2012.09.28 19:31:24 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2012.09.28 19:31:24 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll
[2012.09.28 19:13:45 | 000,000,397 | ---- | C] () -- C:\Windows\BoxUtil.INI
[2012.09.28 19:13:45 | 000,000,171 | ---- | C] () -- C:\Windows\MBoxWin.ini
[2012.09.28 18:48:19 | 001,684,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.25 12:00:33 | 000,039,049 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.25 11:57:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.25 11:57:41 | 000,028,702 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.10 21:12:58 | 000,307,008 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.08 08:44:04 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
__________________

Alt 18.03.2013, 13:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E97791-E79B-461C-8829-74443A2FEB33}: NameServer = 192.168.137.1
Why a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 18.03.2013, 13:17   #5
Nr45
 
I am a freelancer and more or less look after my hardware myself.


Alt 18.03.2013, 13:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK, I'll post the notice anyway:


Quote:
3. As a matter of principle, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Bear in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.
See => http://www.trojaner-board.de/108422-...-anfragen.html

Read and understood? It is mainly about the bold, red text in the quote box above.

Alt 18.03.2013, 13:27   #7
Nr45
 
I have read the red text.

Alt 18.03.2013, 13:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
And the consequence is clear to you? How do you want to proceed now?

Alt 18.03.2013, 16:10   #9
Nr45
 
As a rule, I do not store any passwords on the hard drive.
The data is all stored on the net.
I can uninstall the banking program if necessary. A data backup exists.
I don't feel like spending 2 days reinstalling the computer again.
What risks remain?

Alt 18.03.2013, 16:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
What risks remain?
Um, I deliberately highlighted it in bold red text earlier

Edit: Never mind, let's carry on. You have already run GMER and aswMBR...
Next up are MBAR and TDSS-Killer

MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as per the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper

TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

Edited by cosinus (18.03.2013 at 16:19)
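
A way to triage the TDSSKiller log requested above before posting it, as an added example that is not part of the thread and not the tool's own code: it parses the "Scan services" section in the line format of the log posted later in this thread. The sample log is constructed; the hashes, `ExampleSvc`, `Outside section` and the `warning` verdict are placeholders, and any verdict other than `ok` is simply listed for review.

```python
import re
from collections import defaultdict

# Constructed sample in the line format of the TDSSKiller log in this thread.
# All hashes, "ExampleSvc", "Outside section" and "warning" are placeholders.
SAMPLE_LOG = r"""
17:13:28.0155 4644  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200
17:14:37.0065 6484  ================ Scan system memory ========================
17:14:37.0065 6484  System memory - ok
17:14:37.0065 6484  ================ Scan services =============================
17:14:37.0108 6484  [ 00000000000000000000000000000001 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:14:37.0187 6484  1394ohci - ok
17:14:37.0666 6484  [ 00000000000000000000000000000002 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:14:37.0674 6484  Apple Mobile Device - ok
17:14:37.0793 6484  [ 00000000000000000000000000000003 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:14:37.0824 6484  AudioEndpointBuilder - ok
17:14:37.0831 6484  [ 00000000000000000000000000000003 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:14:37.0858 6484  AudioSrv - ok
17:14:38.0606 6484  COMSysApp - ok
17:14:38.0610 6484  [ 00000000000000000000000000000004 ] ExampleSvc      C:\Windows\system32\drivers\example.sys
17:14:38.0620 6484  ExampleSvc - warning
17:14:38.0690 6484  [ 00000000000000000000000000000005 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:14:38.0700 6484  ============================================================
17:14:38.0710 6484  Outside section - warning
"""

# "<time> <thread id>  <body>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)\s+(.*)$")
# "[ <MD5> ] <service name, may contain spaces>   <drive:\path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")


def parse_services(log_text):
    """Return {service: {"md5", "path", "verdict"}} for the 'Scan services' section."""
    services = {}
    in_services = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and lines with an empty body
        body = m.group(3).strip()
        if body.startswith("="):
            # A separator line opens or closes a section.
            in_services = "Scan services" in body
            continue
        if not in_services:
            continue  # e.g. "Drive ... - Size: ..." must not be read as a verdict
        h = HASHED.match(body)
        if h:
            md5, name, path = h.groups()
            services[name] = {"md5": md5.upper(), "path": path, "verdict": None}
            continue
        name, sep, verdict = body.rpartition(" - ")
        if sep:
            entry = services.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.strip()
    return services


def triage(services):
    """Group parsed entries into what a helper would look at first."""
    by_file = defaultdict(list)
    for name, e in services.items():
        if e["md5"]:
            by_file[(e["md5"], e["path"].lower())].append(name)
    return {
        # verdict present but not "ok"
        "not_ok": sorted(n for n, e in services.items() if e["verdict"] not in (None, "ok")),
        # hash line without a verdict line, e.g. a log that was cut off
        "no_verdict": sorted(n for n, e in services.items() if e["verdict"] is None),
        # verdict line without a preceding hash/path line
        "no_hash": sorted(n for n, e in services.items() if e["md5"] is None),
        # several services backed by the same file
        "shared_binary": {k: sorted(v) for k, v in by_file.items() if len(v) > 1},
    }


if __name__ == "__main__":
    for group, items in triage(parse_services(SAMPLE_LOG)).items():
        print(group, "->", items)
```
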

Alt 18.03.2013, 16:59   #11
Nr45
 
After starting mbar.exe, the following appears:

"AppInit_Dlls" found, possibly causing rootkit activity

What should I do, delete it or skip it for now?

Alt 18.03.2013, 17:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please click No there

Alt 18.03.2013, 17:21   #13
Nr45
 
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolff :: CAD [administrator]

18.03.2013 17:11:17
mbar-log-2013-03-18 (17-11-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31126
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
TDSSKiller
Code:
ATTFilter
17:13:27.0836 4644  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:13:27.0945 4644  ============================================================
17:13:27.0945 4644  Current date / time: 2013/03/18 17:13:27.0945
17:13:27.0945 4644  SystemInfo:
17:13:27.0945 4644  
17:13:27.0945 4644  OS Version: 6.1.7601 ServicePack: 1.0
17:13:27.0945 4644  Product type: Workstation
17:13:27.0945 4644  ComputerName: CAD
17:13:27.0945 4644  UserName: Wolff
17:13:27.0945 4644  Windows directory: C:\Windows
17:13:27.0945 4644  System windows directory: C:\Windows
17:13:27.0945 4644  Running under WOW64
17:13:27.0945 4644  Processor architecture: Intel x64
17:13:27.0945 4644  Number of processors: 4
17:13:27.0945 4644  Page size: 0x1000
17:13:27.0945 4644  Boot type: Normal boot
17:13:27.0945 4644  ============================================================
17:13:28.0155 4644  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:28.0165 4644  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:28.0226 4644  ============================================================
17:13:28.0226 4644  \Device\Harddisk1\DR1:
17:13:28.0228 4644  MBR partitions:
17:13:28.0228 4644  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:13:28.0228 4644  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
17:13:28.0228 4644  \Device\Harddisk0\DR0:
17:13:28.0228 4644  MBR partitions:
17:13:28.0228 4644  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD6D7DC8
17:13:28.0241 4644  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD6D7E46, BlocksNum 0x2CCA8F3A
17:13:28.0241 4644  ============================================================
17:13:28.0243 4644  C: <-> \Device\Harddisk1\DR1\Partition2
17:13:28.0270 4644  F: <-> \Device\Harddisk0\DR0\Partition1
17:13:28.0294 4644  G: <-> \Device\Harddisk0\DR0\Partition2
17:13:28.0294 4644  ============================================================
17:13:28.0294 4644  Initialize success
17:13:28.0294 4644  ============================================================
17:14:36.0820 6484  ============================================================
17:14:36.0820 6484  Scan started
17:14:36.0820 6484  Mode: Manual; SigCheck; TDLFS; 
17:14:36.0820 6484  ============================================================
17:14:37.0065 6484  ================ Scan system memory ========================
17:14:37.0065 6484  System memory - ok
17:14:37.0065 6484  ================ Scan services =============================
17:14:37.0108 6484  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:14:37.0187 6484  1394ohci - ok
17:14:37.0192 6484  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:14:37.0204 6484  ACPI - ok
17:14:37.0206 6484  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:14:37.0225 6484  AcpiPmi - ok
17:14:37.0230 6484  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:14:37.0239 6484  AdobeARMservice - ok
17:14:37.0263 6484  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:14:37.0273 6484  AdobeFlashPlayerUpdateSvc - ok
17:14:37.0279 6484  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:14:37.0292 6484  adp94xx - ok
17:14:37.0297 6484  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:14:37.0307 6484  adpahci - ok
17:14:37.0311 6484  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:14:37.0321 6484  adpu320 - ok
17:14:37.0324 6484  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:14:37.0374 6484  AeLookupSvc - ok
17:14:37.0380 6484  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:14:37.0394 6484  AFD - ok
17:14:37.0396 6484  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:14:37.0404 6484  agp440 - ok
17:14:37.0407 6484  [ DB262BADD56D97652D5E726B7C2ED9DF ] aksdf           C:\Windows\system32\DRIVERS\aksdf.sys
17:14:37.0416 6484  aksdf - ok
17:14:37.0419 6484  [ 2658A412543113E8A8D34DF6CCC7D7E7 ] aksfridge       C:\Windows\system32\DRIVERS\aksfridge.sys
17:14:37.0427 6484  aksfridge - ok
17:14:37.0429 6484  [ 35E43EE8FE28CFD581E8CE42847DFE2B ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
17:14:37.0437 6484  akshasp - ok
17:14:37.0439 6484  [ 053B204554F104CB5DC3D94B61BDA458 ] akshhl          C:\Windows\system32\DRIVERS\akshhl.sys
17:14:37.0446 6484  akshhl - ok
17:14:37.0451 6484  [ 51982A019F66D4DFD1A6E1AF548CCFA5 ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
17:14:37.0460 6484  aksusb - ok
17:14:37.0463 6484  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:14:37.0479 6484  ALG - ok
17:14:37.0481 6484  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:14:37.0489 6484  aliide - ok
17:14:37.0491 6484  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:14:37.0499 6484  amdide - ok
17:14:37.0501 6484  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:14:37.0510 6484  AmdK8 - ok
17:14:37.0513 6484  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:14:37.0522 6484  AmdPPM - ok
17:14:37.0525 6484  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:14:37.0534 6484  amdsata - ok
17:14:37.0537 6484  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:14:37.0546 6484  amdsbs - ok
17:14:37.0549 6484  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:14:37.0556 6484  amdxata - ok
17:14:37.0559 6484  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:14:37.0609 6484  AppID - ok
17:14:37.0612 6484  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:14:37.0635 6484  AppIDSvc - ok
17:14:37.0637 6484  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:14:37.0661 6484  Appinfo - ok
17:14:37.0666 6484  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:14:37.0674 6484  Apple Mobile Device - ok
17:14:37.0678 6484  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:14:37.0691 6484  AppMgmt - ok
17:14:37.0693 6484  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:14:37.0702 6484  arc - ok
17:14:37.0705 6484  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:14:37.0714 6484  arcsas - ok
17:14:37.0726 6484  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:14:37.0735 6484  aspnet_state - ok
17:14:37.0737 6484  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:14:37.0762 6484  AsyncMac - ok
17:14:37.0764 6484  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:14:37.0772 6484  atapi - ok
17:14:37.0776 6484  [ 6C1890D62A505F3019765A83521D8416 ] atashost        C:\Windows\SysWOW64\atashost.exe
17:14:37.0785 6484  atashost - ok
17:14:37.0793 6484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:14:37.0824 6484  AudioEndpointBuilder - ok
17:14:37.0831 6484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:14:37.0858 6484  AudioSrv - ok
17:14:37.0864 6484  [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
17:14:37.0873 6484  Autodesk Content Service - ok
17:14:37.0889 6484  [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
17:14:37.0917 6484  AVKProxy - ok
17:14:37.0924 6484  [ 68F93849B4197243E8454E704B063F9B ] AVKService      C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
17:14:37.0937 6484  AVKService - ok
17:14:37.0955 6484  [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl         C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
17:14:37.0997 6484  AVKWCtl - ok
17:14:38.0000 6484  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:14:38.0023 6484  AxInstSV - ok
17:14:38.0029 6484  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:14:38.0043 6484  b06bdrv - ok
17:14:38.0048 6484  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:14:38.0060 6484  b57nd60a - ok
17:14:38.0064 6484  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:14:38.0075 6484  BDESVC - ok
17:14:38.0077 6484  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:14:38.0101 6484  Beep - ok
17:14:38.0109 6484  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:14:38.0137 6484  BFE - ok
17:14:38.0146 6484  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:14:38.0176 6484  BITS - ok
17:14:38.0178 6484  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:14:38.0188 6484  blbdrive - ok
17:14:38.0195 6484  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:14:38.0208 6484  Bonjour Service - ok
17:14:38.0212 6484  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:14:38.0223 6484  bowser - ok
17:14:38.0225 6484  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:14:38.0237 6484  BrFiltLo - ok
17:14:38.0239 6484  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:14:38.0250 6484  BrFiltUp - ok
17:14:38.0254 6484  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:14:38.0267 6484  Browser - ok
17:14:38.0271 6484  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:14:38.0285 6484  Brserid - ok
17:14:38.0287 6484  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:14:38.0299 6484  BrSerWdm - ok
17:14:38.0301 6484  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:14:38.0312 6484  BrUsbMdm - ok
17:14:38.0315 6484  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:14:38.0325 6484  BrUsbSer - ok
17:14:38.0327 6484  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:14:38.0339 6484  BTHMODEM - ok
17:14:38.0342 6484  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:14:38.0367 6484  bthserv - ok
17:14:38.0370 6484  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:14:38.0394 6484  cdfs - ok
17:14:38.0397 6484  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:14:38.0407 6484  cdrom - ok
17:14:38.0410 6484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:14:38.0438 6484  CertPropSvc - ok
17:14:38.0441 6484  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:14:38.0453 6484  circlass - ok
17:14:38.0458 6484  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:14:38.0472 6484  CLFS - ok
17:14:38.0478 6484  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:14:38.0486 6484  clr_optimization_v2.0.50727_32 - ok
17:14:38.0492 6484  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:14:38.0505 6484  clr_optimization_v2.0.50727_64 - ok
17:14:38.0513 6484  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:14:38.0521 6484  clr_optimization_v4.0.30319_32 - ok
17:14:38.0524 6484  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:14:38.0534 6484  clr_optimization_v4.0.30319_64 - ok
17:14:38.0537 6484  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:14:38.0547 6484  CmBatt - ok
17:14:38.0549 6484  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:14:38.0557 6484  cmdide - ok
17:14:38.0563 6484  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
17:14:38.0580 6484  CNG - ok
17:14:38.0582 6484  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:14:38.0590 6484  Compbatt - ok
17:14:38.0592 6484  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:14:38.0604 6484  CompositeBus - ok
17:14:38.0606 6484  COMSysApp - ok
17:14:38.0609 6484  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:14:38.0617 6484  crcdisk - ok
17:14:38.0622 6484  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:14:38.0638 6484  CryptSvc - ok
17:14:38.0644 6484  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
17:14:38.0658 6484  CSC - ok
17:14:38.0666 6484  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
17:14:38.0683 6484  CscService - ok
17:14:38.0690 6484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:14:38.0716 6484  DcomLaunch - ok
17:14:38.0721 6484  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:14:38.0748 6484  defragsvc - ok
17:14:38.0751 6484  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:14:38.0775 6484  DfsC - ok
17:14:38.0780 6484  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:14:38.0794 6484  Dhcp - ok
17:14:38.0797 6484  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:14:38.0820 6484  discache - ok
17:14:38.0822 6484  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:14:38.0831 6484  Disk - ok
17:14:38.0833 6484  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
17:14:38.0844 6484  dmvsc - ok
17:14:38.0847 6484  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:14:38.0860 6484  Dnscache - ok
17:14:38.0864 6484  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:14:38.0889 6484  dot3svc - ok
17:14:38.0893 6484  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:14:38.0917 6484  DPS - ok
17:14:38.0919 6484  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:14:38.0929 6484  drmkaud - ok
17:14:38.0939 6484  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:14:38.0956 6484  DXGKrnl - ok
17:14:38.0959 6484  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:14:38.0984 6484  EapHost - ok
17:14:39.0012 6484  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:14:39.0046 6484  ebdrv - ok
17:14:39.0049 6484  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:14:39.0060 6484  EFS - ok
17:14:39.0069 6484  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:14:39.0090 6484  ehRecvr - ok
17:14:39.0092 6484  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:14:39.0103 6484  ehSched - ok
17:14:39.0110 6484  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:14:39.0123 6484  elxstor - ok
17:14:39.0125 6484  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:14:39.0134 6484  ErrDev - ok
17:14:39.0141 6484  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:14:39.0168 6484  EventSystem - ok
17:14:39.0172 6484  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:14:39.0195 6484  exfat - ok
17:14:39.0199 6484  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:14:39.0223 6484  fastfat - ok
17:14:39.0231 6484  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:14:39.0250 6484  Fax - ok
17:14:39.0253 6484  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:14:39.0262 6484  fdc - ok
17:14:39.0264 6484  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:14:39.0287 6484  fdPHost - ok
17:14:39.0289 6484  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:14:39.0314 6484  FDResPub - ok
17:14:39.0316 6484  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:14:39.0325 6484  FileInfo - ok
17:14:39.0327 6484  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:14:39.0350 6484  Filetrace - ok
17:14:39.0364 6484  [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:14:39.0393 6484  FLEXnet Licensing Service 64 - ok
17:14:39.0395 6484  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:14:39.0404 6484  flpydisk - ok
17:14:39.0409 6484  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:14:39.0419 6484  FltMgr - ok
17:14:39.0431 6484  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
17:14:39.0458 6484  FontCache - ok
17:14:39.0461 6484  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:14:39.0468 6484  FontCache3.0.0.0 - ok
17:14:39.0471 6484  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:14:39.0479 6484  FsDepends - ok
17:14:39.0481 6484  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:14:39.0489 6484  Fs_Rec - ok
17:14:39.0493 6484  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:14:39.0505 6484  fvevol - ok
17:14:39.0508 6484  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:14:39.0516 6484  gagp30kx - ok
17:14:39.0519 6484  [ DEC2DEB0025548EE434C2DBA68B771BC ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
17:14:39.0527 6484  GDBehave - ok
17:14:39.0530 6484  [ C91D9D7338AD7E6D0CC707828E90203F ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
17:14:39.0538 6484  GDMnIcpt - ok
17:14:39.0541 6484  [ B6F4C60CF97E823F2874FF9FEF4CC89B ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
17:14:39.0549 6484  GDPkIcpt - ok
17:14:39.0556 6484  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
17:14:39.0570 6484  GDScan - ok
17:14:39.0572 6484  [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
17:14:39.0580 6484  gdwfpcd - ok
17:14:39.0583 6484  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:14:39.0590 6484  GEARAspiWDM - ok
17:14:39.0598 6484  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:14:39.0630 6484  gpsvc - ok
17:14:39.0634 6484  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:14:39.0643 6484  gupdate - ok
17:14:39.0646 6484  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:14:39.0653 6484  gupdatem - ok
17:14:39.0658 6484  [ F63408F1F58189285DC726747E6645A1 ] Hardlock        C:\Windows\system32\drivers\hardlock.sys
17:14:39.0668 6484  Hardlock - ok
17:14:39.0670 6484  hasplms - ok
17:14:39.0673 6484  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:14:39.0684 6484  hcw85cir - ok
17:14:39.0689 6484  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:14:39.0702 6484  HdAudAddService - ok
17:14:39.0705 6484  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:14:39.0717 6484  HDAudBus - ok
17:14:39.0719 6484  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:14:39.0729 6484  HidBatt - ok
17:14:39.0731 6484  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:14:39.0743 6484  HidBth - ok
17:14:39.0745 6484  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:14:39.0757 6484  HidIr - ok
17:14:39.0760 6484  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:14:39.0784 6484  hidserv - ok
17:14:39.0786 6484  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:14:39.0795 6484  HidUsb - ok
17:14:39.0799 6484  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:14:39.0824 6484  hkmsvc - ok
17:14:39.0828 6484  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:14:39.0842 6484  HomeGroupListener - ok
17:14:39.0846 6484  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:14:39.0858 6484  HomeGroupProvider - ok
17:14:39.0861 6484  [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
17:14:39.0869 6484  HookCentre - ok
17:14:39.0872 6484  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:14:39.0880 6484  HpSAMD - ok
17:14:39.0888 6484  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:14:39.0916 6484  HTTP - ok
17:14:39.0919 6484  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:14:39.0927 6484  hwpolicy - ok
17:14:39.0930 6484  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:14:39.0940 6484  i8042prt - ok
17:14:39.0945 6484  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:14:39.0958 6484  iaStorV - ok
17:14:39.0962 6484  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:14:39.0969 6484  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:14:39.0969 6484  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:14:39.0978 6484  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:14:39.0999 6484  idsvc - ok
17:14:40.0002 6484  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:14:40.0010 6484  iirsp - ok
17:14:40.0019 6484  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:14:40.0052 6484  IKEEXT - ok
17:14:40.0095 6484  [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:14:40.0150 6484  IntcAzAudAddService - ok
17:14:40.0154 6484  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:14:40.0162 6484  intelide - ok
17:14:40.0164 6484  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:14:40.0174 6484  intelppm - ok
17:14:40.0177 6484  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:14:40.0202 6484  IPBusEnum - ok
17:14:40.0204 6484  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:14:40.0227 6484  IpFilterDriver - ok
17:14:40.0233 6484  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:14:40.0250 6484  iphlpsvc - ok
17:14:40.0253 6484  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:14:40.0262 6484  IPMIDRV - ok
17:14:40.0265 6484  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:14:40.0288 6484  IPNAT - ok
17:14:40.0295 6484  [ 44886233135241F3990724082EB104EE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:14:40.0311 6484  iPod Service - ok
17:14:40.0313 6484  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:14:40.0325 6484  IRENUM - ok
17:14:40.0327 6484  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:14:40.0335 6484  isapnp - ok
17:14:40.0339 6484  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:14:40.0350 6484  iScsiPrt - ok
17:14:40.0353 6484  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:14:40.0360 6484  kbdclass - ok
17:14:40.0362 6484  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:14:40.0371 6484  kbdhid - ok
17:14:40.0374 6484  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:14:40.0382 6484  KeyIso - ok
17:14:40.0385 6484  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:14:40.0394 6484  KSecDD - ok
17:14:40.0397 6484  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:14:40.0406 6484  KSecPkg - ok
17:14:40.0408 6484  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:14:40.0431 6484  ksthunk - ok
17:14:40.0436 6484  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:14:40.0464 6484  KtmRm - ok
17:14:40.0468 6484  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:14:40.0492 6484  LanmanServer - ok
17:14:40.0495 6484  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:14:40.0519 6484  LanmanWorkstation - ok
17:14:40.0525 6484  [ 70FB6254E29150A7A4A39FDFFD306C33 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:14:40.0539 6484  LBTServ - ok
17:14:40.0543 6484  [ 1470EF17E02E82E4F43346DF9E9F11E1 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:14:40.0551 6484  LHidFilt - ok
17:14:40.0554 6484  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:14:40.0577 6484  lltdio - ok
17:14:40.0582 6484  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:14:40.0607 6484  lltdsvc - ok
17:14:40.0609 6484  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:14:40.0632 6484  lmhosts - ok
17:14:40.0634 6484  [ 12814AE119E959437BEA3110F81BD188 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:14:40.0642 6484  LMouFilt - ok
17:14:40.0646 6484  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:14:40.0655 6484  LSI_FC - ok
17:14:40.0658 6484  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:14:40.0666 6484  LSI_SAS - ok
17:14:40.0669 6484  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:14:40.0677 6484  LSI_SAS2 - ok
17:14:40.0679 6484  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:14:40.0688 6484  LSI_SCSI - ok
17:14:40.0691 6484  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:14:40.0714 6484  luafv - ok
17:14:40.0717 6484  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:14:40.0724 6484  MBAMProtector - ok
17:14:40.0730 6484  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:14:40.0741 6484  MBAMScheduler - ok
17:14:40.0749 6484  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:14:40.0765 6484  MBAMService - ok
17:14:40.0768 6484  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:14:40.0780 6484  Mcx2Svc - ok
17:14:40.0782 6484  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:14:40.0790 6484  megasas - ok
17:14:40.0794 6484  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:14:40.0805 6484  MegaSR - ok
17:14:40.0808 6484  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:14:40.0815 6484  MEIx64 - ok
17:14:40.0818 6484  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:14:40.0841 6484  MMCSS - ok
17:14:40.0844 6484  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:14:40.0867 6484  Modem - ok
17:14:40.0869 6484  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:14:40.0880 6484  monitor - ok
17:14:40.0883 6484  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:14:40.0891 6484  mouclass - ok
17:14:40.0893 6484  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:14:40.0903 6484  mouhid - ok
17:14:40.0905 6484  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:14:40.0914 6484  mountmgr - ok
17:14:40.0917 6484  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:14:40.0926 6484  mpio - ok
17:14:40.0929 6484  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:14:40.0951 6484  mpsdrv - ok
17:14:40.0960 6484  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:14:40.0988 6484  MpsSvc - ok
17:14:40.0991 6484  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:14:41.0004 6484  MRxDAV - ok
17:14:41.0008 6484  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:41.0018 6484  mrxsmb - ok
17:14:41.0023 6484  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:41.0033 6484  mrxsmb10 - ok
17:14:41.0036 6484  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:41.0045 6484  mrxsmb20 - ok
17:14:41.0047 6484  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:14:41.0055 6484  msahci - ok
17:14:41.0058 6484  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:14:41.0067 6484  msdsm - ok
17:14:41.0070 6484  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:14:41.0082 6484  MSDTC - ok
17:14:41.0086 6484  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:14:41.0109 6484  Msfs - ok
17:14:41.0111 6484  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:14:41.0134 6484  mshidkmdf - ok
17:14:41.0136 6484  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:14:41.0144 6484  msisadrv - ok
17:14:41.0148 6484  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:14:41.0173 6484  MSiSCSI - ok
17:14:41.0175 6484  msiserver - ok
17:14:41.0177 6484  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:14:41.0200 6484  MSKSSRV - ok
17:14:41.0202 6484  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:41.0226 6484  MSPCLOCK - ok
17:14:41.0228 6484  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:14:41.0250 6484  MSPQM - ok
17:14:41.0255 6484  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:14:41.0267 6484  MsRPC - ok
17:14:41.0270 6484  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:14:41.0278 6484  mssmbios - ok
17:14:41.0281 6484  MSSQL$SIBBAUWERKE - ok
17:14:41.0284 6484  [ 1D1B22613EAB9287AF902398867BC93C ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
17:14:41.0289 6484  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
17:14:41.0289 6484  MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
17:14:41.0292 6484  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:14:41.0315 6484  MSTEE - ok
17:14:41.0317 6484  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:14:41.0326 6484  MTConfig - ok
17:14:41.0329 6484  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:14:41.0337 6484  Mup - ok
17:14:41.0343 6484  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:14:41.0370 6484  napagent - ok
17:14:41.0374 6484  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:14:41.0389 6484  NativeWifiP - ok
17:14:41.0399 6484  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:14:41.0416 6484  NDIS - ok
17:14:41.0419 6484  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:41.0442 6484  NdisCap - ok
17:14:41.0444 6484  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:41.0467 6484  NdisTapi - ok
17:14:41.0469 6484  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:41.0492 6484  Ndisuio - ok
17:14:41.0495 6484  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:41.0519 6484  NdisWan - ok
17:14:41.0521 6484  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:14:41.0544 6484  NDProxy - ok
17:14:41.0547 6484  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:14:41.0553 6484  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:14:41.0553 6484  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:14:41.0555 6484  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:14:41.0579 6484  NetBIOS - ok
17:14:41.0583 6484  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:14:41.0606 6484  NetBT - ok
17:14:41.0609 6484  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:14:41.0618 6484  Netlogon - ok
17:14:41.0623 6484  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:14:41.0649 6484  Netman - ok
17:14:41.0652 6484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0662 6484  NetMsmqActivator - ok
17:14:41.0664 6484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0673 6484  NetPipeActivator - ok
17:14:41.0679 6484  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:14:41.0706 6484  netprofm - ok
17:14:41.0708 6484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0717 6484  NetTcpActivator - ok
17:14:41.0719 6484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:41.0727 6484  NetTcpPortSharing - ok
17:14:41.0730 6484  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:14:41.0738 6484  nfrd960 - ok
17:14:41.0742 6484  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:14:41.0755 6484  NlaSvc - ok
17:14:41.0757 6484  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:14:41.0780 6484  Npfs - ok
17:14:41.0783 6484  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:14:41.0806 6484  nsi - ok
17:14:41.0808 6484  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:14:41.0831 6484  nsiproxy - ok
17:14:41.0848 6484  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:14:41.0873 6484  Ntfs - ok
17:14:41.0875 6484  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:14:41.0898 6484  Null - ok
17:14:41.0901 6484  [ A61B0AF4D6B934928CFD1140DEEA5C8D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:14:41.0910 6484  nusb3hub - ok
17:14:41.0914 6484  [ FA4B2F20561BDBCC6B9AC3E3BDCD7E3F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:14:41.0923 6484  nusb3xhc - ok
17:14:41.0926 6484  [ 10204955027011E08A9DC27737A48A54 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:14:41.0935 6484  NVHDA - ok
17:14:42.0064 6484  [ 05B8A30A7DC10BB627916658A2B00D43 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:14:42.0203 6484  nvlddmkm - ok
17:14:42.0209 6484  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:14:42.0218 6484  nvraid - ok
17:14:42.0222 6484  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:14:42.0231 6484  nvstor - ok
17:14:42.0242 6484  [ FC5D949E5C0AE6A939ABCDFCD8D50361 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:14:42.0260 6484  nvsvc - ok
17:14:42.0281 6484  [ 0BDA359BCDDCDC4FAFB50DE3CE1B4484 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:14:42.0314 6484  nvUpdatusService - ok
17:14:42.0318 6484  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:14:42.0326 6484  nv_agp - ok
17:14:42.0334 6484  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:42.0347 6484  odserv - ok
17:14:42.0350 6484  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:14:42.0360 6484  ohci1394 - ok
17:14:42.0364 6484  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:42.0374 6484  ose - ok
17:14:42.0380 6484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:14:42.0392 6484  p2pimsvc - ok
17:14:42.0398 6484  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:14:42.0410 6484  p2psvc - ok
17:14:42.0413 6484  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:14:42.0423 6484  Parport - ok
17:14:42.0426 6484  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:14:42.0434 6484  partmgr - ok
17:14:42.0438 6484  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:14:42.0451 6484  PcaSvc - ok
17:14:42.0455 6484  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:14:42.0464 6484  pci - ok
17:14:42.0466 6484  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:14:42.0474 6484  pciide - ok
17:14:42.0477 6484  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:14:42.0487 6484  pcmcia - ok
17:14:42.0490 6484  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:14:42.0498 6484  pcw - ok
17:14:42.0513 6484  [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
17:14:42.0540 6484  PDF Architect Helper Service - ok
17:14:42.0550 6484  [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
17:14:42.0569 6484  PDF Architect Service - ok
17:14:42.0576 6484  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:14:42.0603 6484  PEAUTH - ok
17:14:42.0616 6484  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:14:42.0636 6484  PeerDistSvc - ok
17:14:42.0658 6484  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:14:42.0668 6484  PerfHost - ok
17:14:42.0683 6484  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:14:42.0716 6484  pla - ok
17:14:42.0721 6484  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:14:42.0735 6484  PlugPlay - ok
17:14:42.0738 6484  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:14:42.0743 6484  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:14:42.0743 6484  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:14:44.0477 6484  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
17:14:44.0486 6484  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
17:14:44.0486 6484  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
17:14:46.0500 6484  ================ Scan global ===============================
17:14:46.0502 6484  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:14:46.0505 6484  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:14:46.0510 6484  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:14:46.0513 6484  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:14:46.0518 6484  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:14:46.0520 6484  [Global] - ok
17:14:46.0520 6484  ================ Scan MBR ==================================
17:14:46.0522 6484  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:14:46.0611 6484  \Device\Harddisk1\DR1 - ok
17:14:46.0626 6484  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:14:46.0819 6484  \Device\Harddisk0\DR0 - ok
17:14:46.0819 6484  ================ Scan VBR ==================================
17:14:46.0823 6484  [ ABF27788D8224B0837C324C650D276BC ] \Device\Harddisk1\DR1\Partition1
17:14:46.0824 6484  \Device\Harddisk1\DR1\Partition1 - ok
17:14:46.0827 6484  [ 8523979BF99FC5EE298312563D4CE922 ] \Device\Harddisk1\DR1\Partition2
17:14:46.0829 6484  \Device\Harddisk1\DR1\Partition2 - ok
17:14:46.0832 6484  [ 92C633C00A33369ADEA91DC808EABF07 ] \Device\Harddisk0\DR0\Partition1
17:14:46.0834 6484  \Device\Harddisk0\DR0\Partition1 - ok
17:14:46.0836 6484  [ 6D8FC7DBB9710CB30522190526BB1FFE ] \Device\Harddisk0\DR0\Partition2
17:14:46.0838 6484  \Device\Harddisk0\DR0\Partition2 - ok
17:14:46.0838 6484  ============================================================
17:14:46.0838 6484  Scan finished
17:14:46.0838 6484  ============================================================
17:14:46.0846 6560  Detected object count: 5
17:14:46.0846 6560  Actual detected object count: 5
17:16:40.0361 6560  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0362 6560  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:16:40.0363 6560  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0363 6560  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:16:40.0364 6560  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0364 6560  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:16:40.0365 6560  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0365 6560  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:16:40.0366 6560  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:40.0366 6560  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:17.0163 2772  Deinitialize success
         

18.03.2013, 22:41   #14
cosinus

Fairly unremarkable.

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users (Scanne alle Benutzer)
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

19.03.2013, 09:15   #15
Nr45
 

I tried twice, without success, to shut down the G Data virus guard. The file AVKTray.exe could not be ended in Task Manager either.
So I simply uninstalled the antivirus program.
The computer was not shut down, though.
After that JRT ran through properly.
Here is the log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x64
Ran by Wolff on 19.03.2013 at  8:02:44,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at  8:07:41,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Ran AdwCleaner with the delete option.
Restarted the computer.
Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 08:10:12 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Wolff - CAD
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wolff\Desktop\System\reinigung\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [957 octets] - [18/03/2013 08:59:44]
AdwCleaner[S1].txt - [901 octets] - [19/03/2013 08:10:12]

########## EOF - C:\AdwCleaner[S1].txt - [960 octets] ##########
         
Started OTL as well.
Code:
OTL logfile created on: 19.03.2013 08:15:41 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolff\Desktop\System\entferner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,34% Memory free
15,97 Gb Paging File | 13,80 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): f:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 39,85 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive F: | 107,42 Gb Total Space | 45,76 Gb Free Space | 42,59% Space Free | Partition Type: NTFS
Drive G: | 358,33 Gb Total Space | 118,32 Gb Free Space | 33,02% Space Free | Partition Type: NTFS
 
Computer Name: CAD | User Name: Wolff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Wolff\Desktop\System\entferner\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft)
PRC - C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfcore160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfeditor160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\expertpdfcore160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsvector160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vsprinters160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprinter160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\BBlite160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\PKIECtrl160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\TMSlite160.bpl ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspropsaver160.bpl ()
MOD - C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPI.dll ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vstrees160.bpl ()
MOD - C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll ()
MOD - C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\js32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (ReflectService.exe) -- C:\Programme\Macrium\Reflect\ReflectService.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MSSQL$SIBBAUWERKE) -- C:\MSSQL$SIBBAUWERKE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SIBBAUWERKE) -- C:\MSSQL$SIBBAUWERKE\Binn\sqlagent.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (SafeNet Inc.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (SafeNet Inc.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (akshhl) -- C:\Windows\SysNative\drivers\akshhl.sys (SafeNet Inc.)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.idea.de/startseite.html
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 E7 B8 2F AC 0D CE 01  [binary data]
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\hp.com/hpePrintShare: C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL (hp)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.04 12:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.08 15:05:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.16 08:12:56 | 000,000,000 | ---D | M]
 
[2013.02.08 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Wolff\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: hp ePrint&Share (Enabled) = C:\PROGRA~1\HEWLET~1\HPEPRI~1\INSTAN~1\NPHPEP~1.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech SetPoint = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Google Mail = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Auto Lyrics = C:\Users\Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Heleni Uploader] C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MBoxUtil Clean] C:\Program Files (x86)\KONICA MINOLTA\BOX Utility\BoxUtil.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SfWinStartInfo] C:\Program Files (x86)\SFirm32\sfWinStartupInfo.exe (BIVG Hannover)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001..\Run: [neoSearch] C:\Users\Wolff\AppData\Roaming\KoshyJohn.com\neoSearch\neoSearch.exe (KoshyJohn.com)
O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E97791-E79B-461C-8829-74443A2FEB33}: NameServer = 192.168.137.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.15 12:22:57 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{41b5886d-06fe-11e2-963a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\starter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 08:00:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.18 13:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.17 09:59:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.17 09:59:08 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.17 07:06:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.16 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\Malwarebytes
[2013.03.16 10:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 10:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 10:07:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.16 10:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.16 08:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics
[2013.03.13 21:08:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 21:08:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 21:08:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 21:08:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 21:08:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 21:08:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 21:08:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 21:08:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 21:08:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 21:08:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 21:08:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 21:08:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 21:08:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 21:08:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 21:08:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Readiris
[2013.03.12 22:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S.
[2013.03.12 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Readiris Pro 12
[2013.03.12 22:12:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.03.08 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Logishrd
[2013.03.08 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.03.08 15:00:51 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2013.03.08 15:00:14 | 022,309,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.08 15:00:14 | 018,584,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.08 15:00:14 | 016,470,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.08 15:00:14 | 013,013,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.08 15:00:14 | 012,010,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.08 15:00:14 | 007,132,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.08 15:00:14 | 006,561,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.08 15:00:14 | 005,306,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.08 15:00:14 | 002,946,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.08 15:00:14 | 002,806,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.08 15:00:14 | 002,344,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.08 15:00:14 | 002,215,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.08 15:00:14 | 002,084,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.08 15:00:14 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.03.08 15:00:14 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.03.07 12:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2013.03.07 07:58:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.07 07:58:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.07 07:58:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.07 07:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.06 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\HEITKER
[2013.03.04 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Wolff\Documents\Wondershare PDF to Word
[2013.03.02 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\UltraVNC
[2013.03.02 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2013.03.02 10:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\uvnc bvba
[2013.03.01 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.27 18:00:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 18:00:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 18:00:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 18:00:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 17:59:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 17:59:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 17:59:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 17:59:58 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 17:59:58 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 17:59:58 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 17:59:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 17:59:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 17:59:58 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 17:59:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 17:59:58 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 17:59:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 17:59:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 17:59:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 17:59:57 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 17:59:57 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 17:59:57 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 17:59:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 17:59:57 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 17:59:57 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 17:59:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 17:59:57 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.23 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.thumbnails
[2013.02.23 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\fontconfig
[2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\gegl-0.2
[2013.02.23 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Wolff\.gimp-2.8
[2013.02.23 16:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.02.23 10:16:09 | 000,026,112 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\vncmirror.dll
[2013.02.23 10:16:09 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys
[2013.02.22 12:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.02.22 12:37:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.02.22 12:37:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.02.22 12:37:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.22 12:37:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.22 12:37:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.02.22 12:37:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.02.22 12:37:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.02.22 12:37:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.02.22 12:37:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.02.22 12:37:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.02.22 12:37:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.02.22 12:37:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.02.22 12:37:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.02.22 12:37:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.02.22 12:37:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.02.22 12:37:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.02.22 12:37:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.02.22 12:37:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.02.22 12:37:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.02.22 12:37:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.02.22 12:37:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.02.22 12:37:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.02.22 12:37:44 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.02.22 12:37:36 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.02.22 12:33:18 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Roaming\XnView
[2013.02.22 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\Wolff\AppData\Local\Secunia PSI
[2013.02.22 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.02.21 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.20 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.20 20:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.20 12:11:52 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.20 12:11:52 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 08:15:38 | 001,704,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 08:15:38 | 000,732,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 08:15:38 | 000,679,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 08:15:38 | 000,164,332 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 08:15:38 | 000,133,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 08:14:32 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.03.19 08:11:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 08:11:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 08:11:14 | 2121,637,887 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 08:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.19 07:42:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.19 07:29:06 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 07:29:06 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 06:58:53 | 001,011,756 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.03.18 06:58:53 | 000,053,051 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.03.16 10:07:40 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 09:19:58 | 000,000,216 | ---- | M] () -- C:\Users\Wolff\defogger_reenable
[2013.03.14 17:43:32 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.13 18:10:57 | 000,125,420 | ---- | M] () -- C:\Users\Wolff\Documents\Readiris.DUS
[2013.03.13 09:58:45 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV24.dll
[2013.03.12 22:13:22 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk
[2013.03.12 22:13:22 | 000,000,150 | ---- | M] () -- C:\Windows\Readiris.ini
[2013.03.12 21:29:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.12 21:29:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 08:29:35 | 000,000,016 | ---- | M] () -- C:\Users\Wolff\preV14.dll
[2013.03.11 19:07:02 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk
[2013.03.08 15:05:46 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.03.07 12:14:29 | 000,003,652 | ---- | M] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk
[2013.03.07 07:58:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.07 07:58:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.07 07:58:33 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.07 07:58:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.07 07:58:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.06 16:50:04 | 000,275,160 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppr4-x64.dll
[2013.03.06 16:49:58 | 000,250,072 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppmon4.dll
[2013.03.02 07:59:03 | 000,000,241 | ---- | M] () -- C:\Users\Wolff\Documents\ax_files.xml
[2013.02.23 16:20:53 | 000,001,518 | ---- | M] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel
[2013.02.22 12:33:14 | 000,001,799 | ---- | M] () -- C:\Users\Wolff\Desktop\XnView.lnk
[2013.02.22 12:32:22 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013.02.22 12:31:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.22 12:29:36 | 000,001,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.22 10:52:13 | 000,001,168 | ---- | M] () -- C:\Users\Wolff\Desktop\PC-Adreßzz! 7.x.LNK
[2013.02.22 10:50:09 | 000,001,197 | ---- | M] () -- C:\Users\Wolff\Desktop\Safer Mail 6.x.LNK
[2013.02.21 19:16:13 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.20 20:07:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.19 09:06:25 | 000,000,243 | ---- | M] () -- C:\Users\Wolff\Documents\acad.err
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.16 10:07:40 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 09:19:58 | 000,000,216 | ---- | C] () -- C:\Users\Wolff\defogger_reenable
[2013.03.16 08:12:58 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.03.13 18:03:10 | 000,125,420 | ---- | C] () -- C:\Users\Wolff\Documents\Readiris.DUS
[2013.03.12 22:13:22 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Readiris Pro 12.lnk
[2013.03.12 22:13:22 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2013.03.11 19:07:07 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV24.dll
[2013.03.11 19:07:02 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\PC-Formular VERGABE 4.2.lnk
[2013.03.07 12:14:29 | 000,003,652 | ---- | C] () -- C:\Users\Wolff\Desktop\Sicherungskopien.lnk
[2013.02.23 16:20:53 | 000,001,518 | ---- | C] () -- C:\Users\Wolff\AppData\Local\recently-used.xbel
[2013.02.23 16:04:13 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.02.22 12:33:14 | 000,001,799 | ---- | C] () -- C:\Users\Wolff\Desktop\XnView.lnk
[2013.02.22 12:29:36 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.22 12:29:36 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.02.21 19:28:02 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.21 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.20 12:11:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 09:06:25 | 000,000,243 | ---- | C] () -- C:\Users\Wolff\Documents\acad.err
[2013.02.02 19:05:31 | 000,004,608 | ---- | C] () -- C:\Users\Wolff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.13 16:43:42 | 000,700,365 | ---- | C] () -- C:\Windows\unins000.exe
[2012.10.13 16:43:42 | 000,032,607 | ---- | C] () -- C:\Windows\unins000.dat
[2012.10.03 09:55:25 | 000,007,143 | ---- | C] () -- C:\Windows\Rohre.ini
[2012.10.03 09:07:58 | 001,511,936 | ---- | C] () -- C:\Windows\SysWow64\Vdk200.dll
[2012.10.03 09:07:58 | 001,121,280 | ---- | C] () -- C:\Windows\SysWow64\flt_pdf.dll
[2012.10.03 09:07:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\vgw_url.dll
[2012.10.03 09:07:58 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\flt_rec.dll
[2012.10.03 09:07:58 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\flt_kv.dll
[2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_tofl.dll
[2012.10.03 09:07:58 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\flt_meta.dll
[2012.10.03 09:07:58 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\flt_tobf.dll
[2012.10.03 09:07:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\utf7.dll
[2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\utf8.dll
[2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\unicode.dll
[2012.10.03 09:07:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\europa3.dll
[2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XTree.ini
[2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XSearch.ini
[2012.10.03 09:07:58 | 000,000,163 | ---- | C] () -- C:\Windows\XIndex.ini
[2012.10.01 12:27:42 | 000,000,221 | ---- | C] () -- C:\Windows\espia.ini
[2012.10.01 12:22:24 | 000,000,353 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.10.01 12:20:25 | 000,000,227 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.10.01 10:51:30 | 000,000,093 | ---- | C] () -- C:\Users\Wolff\AppData\Local\fusioncache.dat
[2012.09.29 14:18:02 | 001,011,756 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.28 20:00:06 | 000,000,016 | ---- | C] () -- C:\Users\Wolff\preV14.dll
[2012.09.28 19:31:53 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\moyocore.dll
[2012.09.28 19:31:24 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2012.09.28 19:31:24 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2012.09.28 19:31:24 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll
[2012.09.28 19:13:45 | 000,000,397 | ---- | C] () -- C:\Windows\BoxUtil.INI
[2012.09.28 19:13:45 | 000,000,171 | ---- | C] () -- C:\Windows\MBoxWin.ini
[2012.09.28 18:48:19 | 001,684,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.25 12:00:33 | 000,039,049 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.25 11:57:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.25 11:57:41 | 000,028,702 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.10 21:12:58 | 000,307,008 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.08 08:44:04 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 19.03.2013 08:15:41 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolff\Desktop\System\entferner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,34% Memory free
15,97 Gb Paging File | 13,80 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): f:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 39,85 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive F: | 107,42 Gb Total Space | 45,76 Gb Free Space | 42,59% Space Free | Partition Type: NTFS
Drive G: | 358,33 Gb Total Space | 118,32 Gb Free Space | 33,02% Space Free | Partition Type: NTFS
 
Computer Name: CAD | User Name: Wolff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15F661A6-214A-40B3-A982-E8478411A85D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{270714B0-FB74-49BB-B34D-7E29CB8225E2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2FDCD7FF-7AB0-4921-B174-B66B7D675411}" = lport=137 | protocol=17 | dir=in | app=system | 
"{323354F5-909A-4117-8175-56F947ABCAEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3876B242-A740-4D19-91F7-89B66FB377BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41D3D313-8C8D-4E9C-AFE3-9B5BC244FE1C}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{58905349-EB4D-45E3-8845-736834716D2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6162214F-B5F4-4371-965E-BB04F97B2267}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6B243003-1860-4D62-AB43-A51ACF9B8CBB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7441FF7A-A6DE-401B-8C60-5E1CF5C0D10D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{87C4D4CA-9FC3-49B9-A561-E86EA666DC9E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8AE6C0F5-2600-451E-9BAC-7AC2ABE269F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{903650D9-44C8-4C41-8A38-3D31CA4C3BAC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{9769E2BE-8A81-464D-B6F9-13F9906C374B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9BA63D2C-7B61-4DE0-AC68-DE7260A7DD95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAEE13CC-1632-4C03-B373-75A6EDF8951F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AD4A1ED2-8956-4F2A-A75F-D90D4C48C9DD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AFD9FF79-C2FB-4D7B-AA46-E124D3A32D91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BB424448-41BC-4CAC-9BF3-2FD014160C52}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C25D0FF5-D489-45D2-B663-3841690F71E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CECDC566-BF3F-4041-B7B3-EB89CE93278A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4FFE512-36DD-47AE-899E-DB5E107F9782}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{EE3A6035-4906-4009-8484-CB95357B41EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F417E294-ABB5-4E32-A1BA-6E5EA7D6BEFD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8E0FF58-3A2D-48A2-A49A-D434C35C72EE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B56FA73-D6E0-4BBE-8CAD-1A961E93E1B0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{152B1D08-569B-4FA9-A0E6-E57F7739A080}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{19BF6D43-76C8-42A9-A212-7D37A0113159}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1FB5E3E8-25B4-4E4E-ABB9-67FDBC161623}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2C0D66DE-985A-4E70-A30D-0648F15EE07F}" = protocol=6 | dir=in | app=c:\program files\uvnc bvba\ultravnc\winvnc.exe | 
"{445D9B44-874D-4551-B479-56133529C143}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4B8D5B33-64D0-4C5C-8C09-FF8D532DDAB5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4E55DCE2-D15B-482E-9FDC-FCE904CC2803}" = protocol=17 | dir=in | app=c:\program files\uvnc bvba\ultravnc\vncviewer.exe | 
"{5795754A-B4F5-4B9F-9E56-653AE0D4899A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61BF740E-1F89-4610-B4AD-841A84B37EEB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6BD568BA-AA90-4826-9E3C-A919D3E8B14F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80C519B5-3F66-41E2-BFBF-0A3C0999C5B6}" = protocol=6 | dir=in | app=c:\program files\uvnc bvba\ultravnc\vncviewer.exe | 
"{8F8A9365-A253-43E3-BBFF-A98785724DE0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AA729D65-1EF8-4858-B650-248BAFA4C4D1}" = protocol=17 | dir=in | app=c:\program files\uvnc bvba\ultravnc\winvnc.exe | 
"{B1C2B0EE-F5A9-43A1-A6DF-D90A337ED0D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B2ACF863-BAF6-4D66-93EE-57E777F18F6B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BD21C4D3-200B-46BA-B156-BF87DC56CC7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BDE54050-318F-4AB4-8C96-4F7D82BCCE0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C02F445B-3C16-4EFE-8F50-83649EB45212}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CABE40A7-D33E-4545-B347-D23EBA781F91}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe | 
"{CC4D62E9-6D75-4F78-B312-2B0582E9A365}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D91FFBA3-CE2F-4B69-BE98-6E408C8B3754}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DD16C6B1-2138-487C-A5BB-F965DAAC0FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E698A7B9-681C-4205-8E69-E0362D2464F2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EBBBF100-97D6-45E1-A9ED-9D1A5AADF19E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EBF28DCD-821D-4FCA-AA2B-5360AB6EA347}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FAF0FB4A-67BF-4610-B79E-F1F6A59DFE85}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FCA996D8-99FC-4BA5-B0EB-94CF40AFEED4}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe | 
"TCP Query User{39492561-76AE-49F6-BA8F-FD29F8718C54}C:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe | 
"TCP Query User{3ACA99E7-179D-46A5-BA2E-8F06F10DC340}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe | 
"TCP Query User{3F192E4A-05A9-4E5B-A61E-0271046DFA0D}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe | 
"UDP Query User{0B6BE29D-D6D3-4197-AB33-9C179FC55CBA}C:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe | 
"UDP Query User{286661B2-55B7-48AD-B553-708F16FFA7DA}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe | 
"UDP Query User{BD84C7F4-6A4C-4626-9335-2B43CA328F83}C:\program files (x86)\hastasoft\pcadress\pca20.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hastasoft\pcadress\pca20.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{15BC6A33-01B9-4911-8487-611A53A3C04C}" = CGSCivil3DTools 2013 DEU
"{18C072CD-329D-4681-A714-13EE5DBEF711}" = Macrium Reflect Standard Edition
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{45634476-E95A-420E-8BB4-9285D7FD9FB8}" = HP ePrint and Share
"{477D0032-A4FC-4F9E-8C74-CBA40B712E88}" = Autodesk® Storm and Sanitary Analysis 2012 x64 Plug-in
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-A000-0407-0102-0060B0CE6BBA}" = AutoCAD Civil 3D 2012
"{5783F2D7-A000-0407-1102-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{6084673C-0F68-4007-B791-0603663F1E55}" = AutoCAD Civil 3D 2012 Extension
"{615C9088-E58C-448A-B5F3-AB5F51F29082}" = 64 Bit HP CIO Components Installer
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92427257-DF69-4842-8006-3D72438925FB}" = Autodesk Subassembly Composer on AutoCAD Civil 3D 2012 - German (Standard)
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.0.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E598BA7B-3665-42D5-901D-429F99C23668}" = CGS plus License Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Auerswald Fax Drucker" = Auerswald Fax
"AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012
"AutoCAD Civil 3D 2012 SP2" = AutoCAD Civil 3D 2012 SP2
"FinePrint" = FinePrint
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PDF Report Writer_is1" = PDF Report Writer (novaPDF 6.4  printer)
"pdfFactory Pro" = pdfFactory Pro
"sp6" = Logitech SetPoint 6.52
"Ultravnc2_is1" = UltraVnc
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07291D1E-253B-4250-9263-4944898FD423}" = CadTools
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0B5A3E68-DC81-4A4A-BB37-39EF8E782312}" = Herrnhuter Losungen
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2C8E33AD-BF1D-4F35-AE5E-DD0978D6325A}" = ASBwin 9.0
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{336E61EA-E5DF-40E3-BB16-0F1A814AF368}" = STLB-Bau XML V2 - Client
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{366E1711-9FDC-4FCE-87AC-B87AC956BD8B}" = PC-Formular VERGABE 4.2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1" = Ashampoo WinOptimizer 2013 v.1.0.0
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{541217C0-5D69-45F3-9AC7-5321C0E16336}" = BOX Utility
"{55436A44-8385-4542-B38D-164713E1472A}" = SFirm32
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}" = HEC-RAS 4.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C67B335-C9F1-4202-8DB0-66F70C7796A6}" = AutoCAD Civil 3D 2012 32-Bit Objektaktivierer auf Autodesk Content Service - Language Neutral
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 3.6.0)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9502236B-D280-4105-9F9C-5C8140E35FF6}_is1" = GCR NAS Basistool Version 2.0
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Essential XML Editor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0189FA-E34F-40ED-B163-0EFA73DEFF70}" = WSP-ASS 4.0
"{A2B09CFD-F0B2-30AF-8DF4-1DF6B63FC7B5}" = Auerswald COMfortel Set 2.8.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B6214EA9-7BE8-4A91-B8B3-45F42F90188F}" = Readiris Pro 12
"{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung
"{D7926497-E476-489B-B4E9-DBFCA45483A2}" = Autodesk® Storm and Sanitary Analysis 2012
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SIBBauwerke)
"{E942B812-0768-48EE-903D-87B7EE463117}" = HTML.Browser.Framework 3.5.3 (x86)
"{EDC7967D-3D16-456F-BD6D-A3241A92879C}" = PC-Formular VERGABE 4.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Ultimate
"{FE37D048-272A-4005-BBA3-32ECB15C9A9B}" = AutoCAD Civil 3D 2012 32-Bit Objektaktivierer auf Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.13
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"autolyrics@man-soft.net" = Auto Lyrics
"DeInst_d2vexcrdTop50 Viewer (Build 1.1.5.596)" = Top50 Viewer
"ESET Online Scanner" = ESET Online Scanner v3
"Essential XML Editor" = Essential XML Editor
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"FreeCommander_is1" = FreeCommander 2009.02b
"Google Chrome" = Google Chrome
"InstallShield_{15BC6A33-01B9-4911-8487-611A53A3C04C}" = CGSCivil3DTools 2013 DEU
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"InstallShield_{541217C0-5D69-45F3-9AC7-5321C0E16336}" = BOX Utility
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ODBC" = ODBC
"OnlineBible" = Online Bibel 12.24
"PCA25-u" = PC-Adreßzz! 7.x deinstalieren
"PROHYBRIDR" = 2007 Microsoft Office system
"SaferMail-u" = Safer Mail deinstalieren
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"SIB-BAUWERKE V 1.82" = SIB-BAUWERKE V 1.82
"SoftwareUpdater" = SoftwareUpdater
"Straßenbau A-Z" = Straßenbau A-Z deinstallieren
"sv.net" = sv.net
"VCmaster 2013_is1" = VCmaster 2013
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"XnView_is1" = XnView 1.99.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1368962729-2837005782-3201891072-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"OnlineBible" = Online Bibel 12.24
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.03.2013 03:13:11 | Computer Name = CAD | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 29.12.2012 00:42:03 | Computer Name = CAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.02.2013 05:30:52 | Computer Name = CAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 170
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         
Reinstalled G Data Antivirus 2013.
Restarted the computer.

After updating the virus scanner, the Flash ad images are still there.
