
Log analysis and evaluation: Tapiui.DLL - performance problems & crash?

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.04.2013, 11:06   #1
Belzebub
 
Tapiui.DLL - performance problems & crash?



Hello!

I've had a problem for quite a while now: my Firefox hangs regularly and generally runs somewhat slowly. What I've noticed is that tapiui.dll also hangs and is unstable. A virus scan with Avira found nothing, and neither did a HijackThis scan. Reinstalling Firefox didn't help either. In Safe Mode, however, it runs more stably. I'm nevertheless convinced that something in the DLL file is crippling my browser, so that it isn't a Firefox problem.

I'd be very grateful for your advice. Always having to browse with the thought that the browser could crash any second is more than annoying, and switching browsers is simply out of the question.

Thanks in advance!

Best regards

Code:
OTL logfile created on: 08.04.2013 11:25:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\#\Desktop\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,31% Memory free
15,96 Gb Paging File | 13,89 Gb Available in Paging File | 87,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 10,19 Gb Free Space | 10,45% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 102,66 Gb Free Space | 27,89% Space Free | Partition Type: NTFS
Drive E: | 455,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 698,63 Gb Total Space | 16,54 Gb Free Space | 2,37% Space Free | Partition Type: NTFS
 
Computer Name: #-PC | User Name: # | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.04 11:45:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\#\Desktop\I MOG DES NIT\OTL.exe
PRC - [2013.04.04 11:45:33 | 000,050,477 | ---- | M] () -- C:\Users\#\Desktop\I MOG DES NIT\Defogger.exe
PRC - [2013.04.03 20:30:59 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\#\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.03.29 14:41:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 14:41:03 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.29 14:41:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\#\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 13:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012.01.18 17:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.01.18 17:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.01.18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.12.18 17:01:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2009.12.15 22:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2009.12.10 11:16:08 | 001,643,808 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.04 11:45:33 | 000,050,477 | ---- | M] () -- C:\Users\#\Desktop\I MOG DES NIT\Defogger.exe
MOD - [2013.03.07 16:29:21 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.12.10 11:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
MOD - [2009.02.27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
MOD - [2009.02.27 17:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.18 20:18:09 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\tapiui64.exe -- (TCPSVCSd)
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.07 15:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013.03.29 14:41:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 14:41:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.12 22:28:55 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:21:53 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012.01.23 09:38:24 | 007,515,000 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012.01.23 09:38:24 | 000,552,312 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2012.01.18 17:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.01.18 17:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.01.18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.12.18 17:01:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.12 20:31:39 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.18 00:26:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.03.01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:49:12 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.12.15 22:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.29 14:41:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 14:41:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 14:41:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.11 18:33:09 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.25 19:44:08 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.09.25 19:44:08 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 13:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.01.18 17:11:58 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.01.18 17:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.01.18 17:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.01.18 17:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.01.18 14:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.01.18 14:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.21 00:19:34 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.03.17 13:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.03.17 13:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.03.17 13:10:34 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.03.06 01:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009.12.10 11:15:56 | 000,787,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.11 18:33:09 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE BA 61 04 10 2B CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B46868735-c3fa-47ce-8ce7-cce51a66aceb%7D:1.2
FF - prefs.js..extensions.enabledAddons: kitsuneymg%40gmail.com:1.0.6
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1))%20%7B%20return%20'PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\#\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.19 13:01:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 12:51:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 11:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.03.19 13:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\#\AppData\Roaming\mozilla\Extensions
[2013.03.25 22:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\#\AppData\Roaming\mozilla\Firefox\Profiles\4md1e8gj.default\extensions
[2013.03.19 13:03:32 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\firebug@software.joehewitt.com.xpi
[2013.03.25 22:04:40 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.03.19 13:04:04 | 000,006,516 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\kitsuneymg@gmail.com.xpi
[2013.03.19 13:04:04 | 000,001,736 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
[2013.03.19 13:04:04 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2013.03.25 22:02:51 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.03.19 13:03:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.21 13:18:10 | 000,009,117 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\flickr.xml
[2013.03.20 21:56:50 | 000,001,959 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\lastfm.xml
[2013.03.24 14:12:44 | 000,001,330 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\wikipedia-en.xml
[2013.03.20 01:21:24 | 000,002,057 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\youtube-videosuche.xml
[2013.03.19 13:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 12:51:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.31 21:59:38 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\#\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\#\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80653630-F768-46F0-B696-39882B31D52F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.29 13:08:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2000.09.24 21:19:57 | 000,000,063 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3d398fe6-c45b-11e1-bc6e-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3d398fe6-c45b-11e1-bc6e-005056c00008}\Shell\AutoRun\command - "" = H:\SISetup.exe
O33 - MountPoints2\{40987338-13c4-11e1-b0b9-14dae96d8089}\Shell - "" = AutoRun
O33 - MountPoints2\{40987338-13c4-11e1-b0b9-14dae96d8089}\Shell\AutoRun\command - "" = F:\RunGame.exe
O33 - MountPoints2\{60f75e49-1147-11e1-9a2b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60f75e49-1147-11e1-9a2b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2000.09.24 21:19:57 | 000,092,672 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 14:46:02 | 000,000,000 | ---D | C] -- D:\Daten\SimCity
[2013.04.04 14:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
[2013.04.04 14:44:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.04.04 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.04.04 14:32:34 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Origin
[2013.04.04 14:32:33 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Local\Origin
[2013.04.04 14:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.04.04 14:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.04 14:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.04.04 14:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.04 11:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.03 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013
[2013.04.03 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DLLSuite
[2013.03.29 14:41:32 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 14:41:32 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 14:41:32 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.23 20:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.23 15:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2013.03.20 17:47:03 | 000,000,000 | ---D | C] -- C:\Users\#\Desktop\backups
[2013.03.19 13:01:55 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Mozilla
[2013.03.19 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Sync App Settings
[2013.03.19 12:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings
[2013.03.19 12:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
[2013.03.19 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync
[2013.03.19 11:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2013.03.19 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Local\Programs
[2013.03.19 11:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2013.03.19 11:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2013.03.19 11:17:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.03.18 20:19:06 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Jumping Bytes
[2013.03.18 20:18:14 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.03.18 20:18:09 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\DesktopIconForAmazon
[2013.03.18 20:18:08 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Opera
[2013.03.18 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\OCS
[2013.03.17 03:37:35 | 000,000,000 | ---D | C] -- D:\Daten\Anno 1404
[2013.03.16 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Ubisoft
[2013.03.16 22:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2013.03.16 21:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Keeper Complete Collection
[2013.03.16 17:43:15 | 000,000,000 | ---D | C] -- C:\Users\#\.tuxguitar-1.2
[2013.03.16 17:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
[2013.03.16 17:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuxGuitar
[2013.03.14 23:50:58 | 000,000,000 | ---D | C] -- D:\Daten\Inventor Server SDK ACAD 2013
[2013.03.13 17:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.12 23:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2013.03.12 23:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ASGVIS
[2013.03.11 23:23:52 | 000,000,000 | ---D | C] -- C:\Lyrics
[2013.03.11 23:23:42 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\MiniLyrics
[2013.03.11 23:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
[2013.03.11 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniLyrics
[2013.03.09 15:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traffic Simulator Configuration Tool
[2013.03.09 15:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Addon Mod
[2013.03.09 15:43:39 | 000,000,000 | ---D | C] -- C:\Users\#\Desktop\NetworkAddonMod_Setup
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 11:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 11:24:55 | 000,000,168 | ---- | M] () -- C:\Users\#\defogger_reenable
[2013.04.08 11:08:16 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 11:08:16 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 11:00:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 11:00:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 11:00:05 | 2133,561,343 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 23:55:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.06 14:59:35 | 003,072,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:32:44 | 001,620,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.04 14:32:44 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.04 14:32:44 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.04 14:32:44 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.04 14:32:44 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 00:22:45 | 000,000,214 | ---- | M] () -- C:\Users\#\Desktop\StoneSour.com.URL
[2013.04.02 17:17:13 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.29 14:41:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 14:41:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 14:41:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.29 14:35:47 | 000,001,017 | ---- | M] () -- C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.19 11:52:49 | 037,593,770 | ---- | M] () -- D:\Daten\Firefox 19.0.2 (de) - 2013-03-19.pcv
[2013.03.18 20:18:09 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\tapiui64.exe
[2013.03.12 22:58:07 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2013.03.11 18:26:55 | 000,000,224 | ---- | M] () -- C:\Users\#\Desktop\Franz Liszt - Ungarische Rhapsodie no.2 - YouTube.URL
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.08 11:24:55 | 000,000,168 | ---- | C] () -- C:\Users\#\defogger_reenable
[2013.04.04 00:22:45 | 000,000,214 | ---- | C] () -- C:\Users\#\Desktop\StoneSour.com.URL
[2013.03.19 13:01:52 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.19 13:01:52 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.19 11:52:24 | 037,593,770 | ---- | C] () -- D:\Daten\Firefox 19.0.2 (de) - 2013-03-19.pcv
[2013.03.18 20:23:21 | 001,009,654 | ---- | C] () -- D:\Daten\Fox_Movie_World_65.SV6
[2013.03.18 20:23:21 | 000,535,520 | ---- | C] () -- D:\Daten\Majesty Legoland 17.SV6
[2013.03.18 20:23:18 | 105,040,768 | ---- | C] () -- D:\Daten\Fonts.zip
[2013.03.18 20:23:15 | 093,151,006 | ---- | C] () -- D:\Daten\Conan_-_Monnos.7z
[2013.03.18 20:23:15 | 000,470,360 | ---- | C] () -- D:\Daten\bookmarks.html
[2013.03.18 20:23:15 | 000,058,116 | ---- | C] () -- D:\Daten\AutoSave_Untitled.skp
[2013.03.18 20:18:14 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.03.18 20:18:09 | 000,114,688 | ---- | C] () -- C:\Windows\SysNative\tapiui64.exe
[2013.03.12 22:58:07 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF8a.ocx
[2013.03.11 18:26:55 | 000,000,224 | ---- | C] () -- C:\Users\#\Desktop\Franz Liszt - Ungarische Rhapsodie no.2 - YouTube.URL
[2012.11.06 14:07:39 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.05.11 13:19:58 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.05.10 12:16:04 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.05.10 09:51:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.05.10 09:51:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.05.10 09:51:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.05.10 09:51:24 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.05.10 09:51:24 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.05.10 09:51:24 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.21 21:19:10 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.05 17:41:50 | 000,000,037 | ---- | C] () -- C:\Users\#\AppData\Roaming\Winamp_BackupWinamp_Backup_Integrity.winampbackup
[2011.12.19 14:47:28 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.12.18 17:01:24 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.18 17:01:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.12 01:13:39 | 000,000,400 | ---- | C] () -- C:\Windows\g_lfolqn712.ini
[2011.12.12 01:13:39 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bfrpsej167.dat
[2011.11.18 18:47:20 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2011.11.17 20:58:15 | 001,597,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.17 20:40:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.06 16:50:58 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\.minecraft
[2012.06.20 15:54:29 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Abvent
[2012.06.20 15:54:29 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Abvent_Artlantis4
[2012.09.25 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\ASCOMP Software
[2012.11.10 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Ashampoo
[2011.12.19 14:48:45 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Atari
[2012.11.20 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Autodesk
[2012.02.16 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\DAEMON Tools Lite
[2013.03.19 11:17:09 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\DesktopIconForAmazon
[2013.04.08 11:01:08 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Dropbox
[2013.04.07 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\FileZilla
[2012.05.10 17:08:57 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\IrfanView
[2013.03.18 20:19:06 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Jumping Bytes
[2012.01.13 00:40:20 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Leadertech
[2013.03.07 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\LucasArts
[2013.04.07 19:56:30 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\MiniLyrics
[2012.03.27 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Miranda
[2012.06.20 17:20:04 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\ML
[2012.01.19 15:01:46 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Notepad++
[2013.03.18 20:18:06 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\OCS
[2011.11.22 20:24:21 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\OpenOffice.org
[2013.03.18 20:18:08 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Opera
[2013.04.05 00:42:47 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Origin
[2012.05.29 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Samsung
[2013.04.07 15:10:20 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Spotify
[2013.03.19 12:02:14 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Sync App Settings
[2013.02.25 01:01:06 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\SyncTunesDesktop
[2012.07.25 21:36:31 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\TeamViewer
[2011.11.17 16:51:48 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Thunderbird
[2013.03.16 22:56:44 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Ubisoft
[2013.03.08 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\#\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 04.04.2013 11:47:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\#\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 73,93% Memory free
15,96 Gb Paging File | 13,61 Gb Available in Paging File | 85,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 11,00 Gb Free Space | 11,27% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 105,41 Gb Free Space | 28,64% Space Free | Partition Type: NTFS
Drive G: | 698,63 Gb Total Space | 16,54 Gb Free Space | 2,37% Space Free | Partition Type: NTFS
 
Computer Name: #-PC | User Name: # | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAFD372-F733-4535-9172-8FFBD1917453}" = rport=445 | protocol=6 | dir=out | app=system | 
"{12548A41-58AC-4688-9F3C-5291C5AF171A}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{1590EFEC-41CC-45EF-A764-7749C281890E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2498CA81-C4FB-48E1-A344-07D5F2857051}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47EDF200-F5B6-4339-9DB1-2D8DEBD44F7D}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{4F2049A5-32F0-4599-BDD0-08898050BD08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52AB130B-9CBF-4C37-AC0D-EFA40F8AF825}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{563E890C-59AB-4753-A16E-056A68771F8D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{60887AD5-1D98-4DDF-891A-549CBF611E01}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{68237433-71E4-4816-B230-5F56FCE94BC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C38B0AA-1AD6-4EDC-B0A9-08249FF3F55D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6E4D52D0-5C54-44FF-A8D6-B1EA118138D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F754A2C-2BD5-4310-BA92-517BB35BB7EA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{75F1F681-93D7-47AA-B8BB-FAC25A326FCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79818E8A-AAC6-401D-B8F9-CD76BEF23309}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7DCD4572-59F5-4D80-99AC-AE221DB6BCA9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82854198-C21A-403D-9F19-5E7F89A49106}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{84C0CFAD-8477-44BB-ACF6-4ECA03969AE3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{85649610-FBBE-4539-BEA9-138954C5A9BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{900DAA92-DE92-4B44-9F7A-4FF73E8E093B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B79133C-713E-4665-A2AA-209D1DC01FD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A661C632-7D8B-4F51-9A09-F25828CFD964}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B5433370-EEDE-4411-91EC-E58EE78380CE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BA06E99F-6A55-4161-911C-8CCE820EDA4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDF3C143-97C1-4EB7-A347-855D2A0EA65C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE809C92-4C5B-42A1-9112-58FFD24F893A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BF61394D-1C5F-4A08-BD4A-9041BC7C2256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C66A866D-BB89-4E2F-9C53-18B51C45E1BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8B36F94-E8D6-46D6-92AF-A40492357485}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D03F2716-B1F5-4549-8379-BB70C8471B44}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{D1AFEDC9-6CA3-41CA-AB69-B415643E55BB}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{D4B32C4F-6E06-499B-AAAE-BCAA1F872981}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DBA75F84-4644-4605-A385-BEE2BC0C70FF}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{E24D6E83-EBF7-4E63-9009-6A9D1A0E292F}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{EB11BB99-A39D-4236-B66C-AEE5C23C5880}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED0C8042-39E8-45ED-B855-32199B9D0832}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F6CA969D-1145-4009-A8A0-8C931A4E4BDB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FA30ECA0-0A05-40AA-A4C8-C75030EA9F5F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FD44DD2B-7896-44DA-94C6-32CA5C668AEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008ACDBA-88B5-4D17-AAC9-29054E8370BF}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\#\day of defeat\hl.exe | 
"{0273E1A5-66B9-42F4-B6DA-18047C97D9D7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{04D21294-467F-4804-A162-D655271CEA96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{08587AE2-B4B3-4698-9613-99544FCA108F}" = protocol=6 | dir=in | app=c:\users\#\appdata\local\temp\7zsb84a.tmp\easyinst64.exe | 
"{0A0C1522-5C2D-4760-B6C9-2A1A4B984F7B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{0D1F492E-4E8E-4113-BA17-EFB15E06C9D6}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{0D1FD4E2-252F-4581-AC8D-D7F514F18057}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{0E8ED250-E191-4562-9C35-0F0A3599C38E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0F534902-B6BA-4687-BD5E-0B6E7A083680}" = protocol=17 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"{1471792F-06FE-4DB8-AAD2-0D6E709447DC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{14C1486A-C563-4C42-ACC7-43AD77C8EAC1}" = protocol=17 | dir=in | app=c:\users\#\appdata\roaming\dropbox\bin\dropbox.exe | 
"{14CCF4B8-2635-45F1-A2BC-2E1311EAD80C}" = protocol=17 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"{17265453-7562-4D64-86B2-7D76B4F62B2E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{1B011913-3F88-4B83-A18A-0F43C4710B90}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{202418C7-1F28-49AF-BBE9-8177117805AA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{24647528-88D9-4303-BD9A-C7B428D0B024}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{24DA4BB3-BA47-4CFA-995C-7FD36DFF0CFC}" = protocol=6 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"{2AB162F8-FDF8-4EF3-B3BB-19A3712D6203}" = protocol=6 | dir=out | app=system | 
"{2DCC1DF7-6486-4704-B8AC-9F881E8F732E}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{2E317F64-EF51-4975-82BD-606150BE3DDF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{307E64E0-AE5D-4692-B964-8232240CCB97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{30CFD0E0-2D26-45DA-83C4-5D15F8A3DB71}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{33DEDD79-F8CA-44DB-8A24-69E02824CCB2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{354E3674-5F84-4A9B-A536-791DD5810B78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38DC5B54-F37F-434B-A952-CDEBA0D866E8}" = protocol=6 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"{3921FDDA-35B3-4136-A79D-FBD4C9EB753C}" = protocol=6 | dir=in | app=c:\users\#\appdata\local\temp\7zsa1b3.tmp\easyinst64.exe | 
"{3BB126A5-D7C0-429B-840B-B5ADE1265E9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3BC466C5-67E9-4420-98AD-059CD6B339CC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{3D42F190-5939-457A-8A7C-AD9588C5FF64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F76814D-82C5-495E-8FCC-48B7086398AD}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\#\team fortress 2\hl2.exe | 
"{4089B4F3-ED8B-4265-BEF0-7D40FBF2361C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{40D4700C-615E-4AF9-9DC5-691332EC7445}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{4678ED75-63D8-42E0-BE03-38268EF2E1EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{47381E2B-A33D-4228-9F36-5160F161E4F0}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{479210D6-F5C3-486C-9291-1F2F5EF507EA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{4850C64F-13EF-4050-84D6-593C43E8803A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\#\team fortress 2\hl2.exe | 
"{4B27C719-600F-42FD-8ED0-159ACF1E3AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{522F6EC9-D3B3-4BD6-8E06-C393C6FEB167}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52B4805A-CCF8-43D4-A104-FB233BB619C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{53651DE3-3B36-4A5A-BF53-32E6923A7922}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{54A00F0C-BCF1-4648-BEB2-6E03F1F63D5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{57F29136-5611-4BDB-B6AC-D3DC53675413}" = protocol=17 | dir=in | app=d:\games\anno 1404\anno4.exe | 
"{58F0DD74-296F-4C05-9C8F-60B28794E9BB}" = protocol=6 | dir=in | app=c:\users\#\appdata\local\temp\7zsab4b.tmp\easyinst64.exe | 
"{5BF62E22-FCE9-49ED-9817-ED3382683AA7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{5EBEF418-BB9B-4A41-818E-8BA740CBE9AC}" = protocol=6 | dir=in | app=d:\games\company of heroes\reliccoh.exe | 
"{5F07D6B2-734C-4177-A427-DCDE094931ED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{62DD6C29-0D1F-4FE7-B146-88CE23B3DE24}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{64E6648F-56AC-4E6D-9838-58B952AC07EF}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{67834B56-C184-406F-B9A1-E7DF4094D94F}" = protocol=6 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"{691A2DCB-48C6-406C-8FF8-A8C9ADFDC416}" = protocol=17 | dir=in | app=c:\users\#\appdata\local\temp\7zsab4b.tmp\easyinst64.exe | 
"{6C1A30FC-DB27-4F3E-835B-8B5078750A85}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{714DF4B8-AC7E-41E8-A3FF-6B566E97EA54}" = protocol=6 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{7CB0721F-9012-4CC9-AB40-B05B77E42245}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D344152-7988-4027-8556-89595681EE6B}" = protocol=17 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{849F955C-C3A2-4ACA-BCAF-444F6D72D53F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{87D2B8B6-1C14-4313-B3E4-D6D02E5CFABE}" = protocol=17 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | 
"{8AE8EF8D-C143-4665-9CFB-2219562EBB18}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{8B9FFC9D-4267-40D4-914B-6224060EB629}" = protocol=17 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{8ED72352-6236-4E56-ABD3-2C7F994EB410}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{92CEE5B8-B093-43BC-8002-26166AF43652}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{94AD9E56-FEEE-4934-A951-8B051EB2DEB9}" = protocol=17 | dir=in | app=d:\games\defcon\defcon.exe | 
"{9606871B-B672-4E39-843F-5B75D588BFCB}" = protocol=6 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{960D14CD-A166-4E50-A5DF-2A9523A14335}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{963CE535-9F5E-4801-A8AF-3671EDC1DB0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{96439218-3446-416C-A023-8192156C3D23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{96A7554E-4193-48A6-9135-794AD34E15CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{988D3E00-F8A8-4957-8341-55B5F28AEC29}" = protocol=6 | dir=in | app=d:\games\defcon\defcon.exe | 
"{9ADFADC3-611F-4226-82DD-1933962D5CB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C554F64-7867-44BD-926A-5350FB5F23E3}" = protocol=17 | dir=in | app=c:\users\#\appdata\local\temp\7zsa1b3.tmp\easyinst64.exe | 
"{9C8D52FD-D5D1-4ED9-9A45-A8A635B104A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D3D0348-B76A-43C3-90FB-2828C053A673}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{A0B333D9-79D8-40A5-BB5B-7F7CE7E4B986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3193B29-6673-44D6-8AD0-AB4F8B9BBA99}" = protocol=17 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"{AB6F3F14-AFB3-4537-AE42-D6EDE977E499}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC42405A-534E-4B97-9BA0-D82906845AC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AD762EEF-39AE-480F-B1D1-2AEF0767A4D1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AECFA2FC-6653-4B33-85EB-8E1737AB2FFF}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{B282007A-EA46-44E9-99C6-9E08273EA956}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{B60A709C-0ED9-428F-9B95-32D0A7FB4AEF}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{B84772ED-0A28-49DB-9F27-64B8AAD05D95}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B85DBAA0-A521-48BE-99EA-B61E2719FD5E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{BD5A55E4-43D5-4F1A-9799-0D78FA99F926}" = protocol=6 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | 
"{C5EC9DD2-2969-47B4-8C6A-6F46194017E7}" = protocol=17 | dir=in | app=d:\games\company of heroes\reliccoh.exe | 
"{C6E75C2C-BC16-4229-A8CC-CABA66ACE89F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{C6EE8D3C-A079-4159-BE81-8EB0DC96FE96}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{C764A5B0-142A-4B28-AB4A-EC9B9F5D05FB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{C850C463-82BD-48DE-B857-2DC77FE5AF7B}" = protocol=6 | dir=in | app=c:\users\#\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CD592509-F0F4-43C4-B8E0-66FA2FE2CDF9}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{CE310789-75EF-4E4C-84EA-5B0892460971}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CFBBD1CC-63B0-49A3-ACDF-98761B3E1E7C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{D0E42CF9-8B1D-47AC-9A1F-D742E63D36E2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D1671D62-7AD8-4530-A7FE-448BF07B7E27}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{D2FE1F8F-534F-488B-BB5A-ACE83E0B4EE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D53834C4-2AC6-4799-80DF-CE3F59B9EBF4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D5E22FFE-8CC3-45F1-A36D-550FFD5838BF}" = protocol=6 | dir=in | app=d:\games\anno 1404\anno4.exe | 
"{DA7545A6-D927-4CE2-BF93-A0D18CDD6E14}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{DC187D1E-4147-4E37-BD5C-AA64658EB229}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC772A82-9870-474F-AB96-C53DA0481B11}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{DD559201-F0D0-44C7-8C87-E1EC64B8EC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{DF1A0FFD-9B72-49AB-9872-18012B5A10D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1A8FF4A-15A6-406A-B6F1-55244AF24ABD}" = protocol=17 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"{E1FADC08-F115-498A-88AB-F39E36126787}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E222F174-D8FE-4A2D-BCAD-915ED6693124}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3B45BE5-C099-4262-92DB-9E31ED54E302}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{E46C155C-82AC-4725-BAB3-43075E43192D}" = protocol=6 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"{E6CB7C86-15EB-47A9-B213-CDD2D3158CC5}" = protocol=17 | dir=in | app=c:\users\#\appdata\local\temp\7zsb84a.tmp\easyinst64.exe | 
"{E7832A39-BD8B-49C4-AAE5-A0FB6CD7A176}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{EE8677E8-B497-4840-B7DB-4EEEEB245093}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{F395AA01-E884-4179-91C0-946657807AE5}" = dir=in | app=c:\program files (x86)\the bit studio\synctunes desktop\synctunes.exe | 
"{F984BF96-6ADC-4439-95F3-F87B57A1A2E3}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{F9C65BBF-D139-4F3B-B08B-9ADFC9875313}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\#\day of defeat\hl.exe | 
"{FBC10221-5BDA-4B38-AF50-18C7432D9DA9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"TCP Query User{021209B3-BFD8-417B-B973-474742589A8F}D:\games\left4dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\left4dead 2\left4dead2.exe | 
"TCP Query User{03DC74EF-8E20-494B-A10C-43BD878B9E0F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{0759ED40-BC4E-4D50-AC5A-1BD710DB16F8}D:\games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"TCP Query User{0C80CCCD-F122-4B01-90B8-0F2A16F3748D}D:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{0CD36FCD-77C5-40A3-BF3E-A7805EA9EB99}D:\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{1CCB2C0D-11D5-47CE-8A95-3BEC56D36505}D:\games\steam\steamapps\#\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\#\team fortress 2\hl2.exe | 
"TCP Query User{3A979192-D99B-4BF1-8143-71729ACB2C46}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{4294A731-9E8D-4F6A-8EDE-8FF6B7E1F96D}D:\games\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\games\day of defeat source\hl2.exe | 
"TCP Query User{4760A9F5-0D84-4F67-9684-D58C3FEB151C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{4F6F1FDD-4B34-49AA-A94A-2E692E400F46}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{6CC32321-CDC6-403C-9E75-1B10C5ACC1E0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{74E50359-CAC1-4049-AE1F-98329F8D9CFF}D:\games\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=d:\games\flatout 2\flatout2.exe | 
"TCP Query User{7B3CA050-97ED-43E7-8E1F-AA7AFFABA0CC}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{7CF4D801-26B3-4393-A940-09AF0991E5FC}D:\games\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\games\left4dead\left4dead.exe | 
"TCP Query User{90D6DCDE-9052-488E-92B5-6962C6EB6A35}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{A22722A1-7BD6-4CDB-B620-19FEC6312C1E}D:\games\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\games\anno 1701\anno1701.exe | 
"TCP Query User{A7AAEA6F-0F85-4B2A-AD09-60F994BB11E6}D:\games\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\games\counter-strike 1.6\counter-strike 1.6\hl.exe | 
"TCP Query User{A7E88A75-316A-49B0-AFF0-23A6C2549288}C:\program files\artlantis render 4\qtsocketserver.exe" = protocol=6 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"TCP Query User{B47C65F0-AB82-4355-ABC1-E37A3872B308}D:\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\counter-strike source\hl2.exe | 
"TCP Query User{CEE7552F-C5B7-4140-ACDE-A2B2C1686DE9}D:\games\defcon\defcon.exe" = protocol=6 | dir=in | app=d:\games\defcon\defcon.exe | 
"UDP Query User{0667B88E-AF60-40BA-B050-3CBEB7BA4468}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{1B72F74A-9489-46FB-9F5E-85E0ADF77324}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{23EC61A1-570C-43BE-B801-0B05A2C37884}C:\program files\artlantis render 4\qtsocketserver.exe" = protocol=17 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"UDP Query User{2B8488C0-DA09-431C-A672-5CFCC9B2C6A4}D:\games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"UDP Query User{3C63EE2B-EA97-414C-98AD-24856EBF95CA}D:\games\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=d:\games\flatout 2\flatout2.exe | 
"UDP Query User{530F1923-BCC3-4184-9072-F7F667260EAC}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{5B73F878-B429-40DE-BCFD-199152A5812B}D:\games\defcon\defcon.exe" = protocol=17 | dir=in | app=d:\games\defcon\defcon.exe | 
"UDP Query User{5F40CF64-D7C5-4B44-8C1C-3A81AC160AE1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6D320456-BBBF-4F99-B05D-D695AA762C66}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{7CF4B7FC-7B95-4881-9937-510E6CCAFDB1}D:\games\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\games\counter-strike 1.6\counter-strike 1.6\hl.exe | 
"UDP Query User{80651B89-1395-4AF1-BEF4-1179171EF159}D:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{A7245F21-AC03-47B4-877D-959AAF679E31}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{AA8C0DEA-E343-45BA-A848-D8BA1A242926}D:\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\counter-strike source\hl2.exe | 
"UDP Query User{AC1FA569-5776-444D-8452-1DE11CA27C61}D:\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{AFDDB22E-6510-4D21-9481-40D7C41B43A1}D:\games\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\games\day of defeat source\hl2.exe | 
"UDP Query User{B2AA9C71-485B-4237-9D9C-AF77450DBA31}D:\games\left4dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\left4dead 2\left4dead2.exe | 
"UDP Query User{C455D1C6-3ED8-4889-914C-727F30E92E38}D:\games\steam\steamapps\#\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\#\team fortress 2\hl2.exe | 
"UDP Query User{D1968150-E083-457B-95C9-B76AEDD73ED8}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{D5646934-5CC4-4DBF-819B-66514A11E6D7}D:\games\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\games\left4dead\left4dead.exe | 
"UDP Query User{EB9A34B9-45B6-4DED-A25E-0D3980CD45D2}D:\games\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\games\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7346B4A0-1200-0111-0407-705C0D862004}" = Revit Architecture 2012 Language Pack - Deutsch
"{7346B4A0-1300-0510-0407-705C0D862004}" = Revit 2013
"{7346B4A0-1300-0511-0407-705C0D862004}" = Revit 2013 Language Pack - Deutsch
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Autodesk Revit 2013" = Autodesk Revit 2013
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Wacom Tablet Driver" = Wacom Tablett
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66FDDF31-084D-49D7-99C2-0D3FE8A27763}_is1" = Dungeon Keeper Complete Collection
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6DC61284-C3F6-4628-96E2-9B07DDEAD672}_is1" = The Secret Of Monkey Island Special Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885843E7-6CAC-4791-B7BF-1CD516017954}_is1" = DLL Suite 2013
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_954" = Adobe Acrobat 9.5.4 - CPSID_83708
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 Evaluation
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Allway Sync_is1" = Allway Sync version 12.3.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Autodesk Content Service" = Autodesk Content Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bridge Building Game" = Bridge Building Game
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defcon_is1" = Defcon v1.5 de rtl
"Episode 1" = Back to the Future The Game - Episode 1
"FileZilla Client" = FileZilla Client 3.6.0.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"LDraw2012-01" = LDraw All-In-One-Installer 2012-01
"MiniLyrics" = MiniLyrics
"Miranda IM" = Miranda IM 0.10.11
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoLimits Coasters full" = NoLimits Coasters 1.8 (remove only)
"Notepad++" = Notepad++
"OpenTTD" = OpenTTD 1.2.1
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0
"Steam App 10" = Counter-Strike
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 218" = Source SDK Base 2007
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 55230" = Saints Row: The Third
"Steamless Left4Dead Pack" = Steamless Left4Dead Pack
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"UnPowerItNow_is1" = UnPowerIt Now! 1.06
"VLC media player" = VLC media player 1.1.11
"VMware_Player" = VMware Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"xampp" = XAMPP 1.7.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Episode 2" = Back to the Future The Game - Episode 2
"Episode 3" = Back to the Future The Game - Episode 3
"Episode 4" = Back to the Future The Game - Episode 4
"Episode 5" = Back to the Future The Game - Episode 5
"Network Addon Mod" = Network Addon Mod 31
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2013 08:46:14 | Computer Name = #-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.03.2013 08:46:14 | Computer Name = #-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11030
 
Error - 05.03.2013 08:46:14 | Computer Name = #-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11030
 
Error - 05.03.2013 17:17:21 | Computer Name = #-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
 Zeitstempel: 0x511ed1c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x2bf4fb60  ID des fehlerhaften
 Prozesses: 0xc88  Startzeit der fehlerhaften Anwendung: 0x01ce19e1fd37806a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 10a04508-85da-11e2-b977-14dae96d8089
 
Error - 06.03.2013 16:22:18 | Computer Name = #-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.03.2013 07:40:15 | Computer Name = #-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.03.2013 09:38:25 | Computer Name = #-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.03.2013 07:15:22 | Computer Name = #-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.03.2013 12:29:58 | Computer Name = #-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 11.0.2.26, Zeitstempel:
 0x51253247  Name des fehlerhaften Moduls: itw_scrobbler.dll_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x510036aa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x09ac0eeb  ID des fehlerhaften
 Prozesses: 0x1114  Startzeit der fehlerhaften Anwendung: 0x01ce1c1a1b0c393b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften
 Moduls: itw_scrobbler.dll  Berichtskennung: 6a2d00ec-880d-11e2-8ac2-14dae96d8089
 
Error - 08.03.2013 12:30:16 | Computer Name = #-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 11.0.2.26, Zeitstempel:
 0x51253247  Name des fehlerhaften Moduls: itw_scrobbler.dll_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x510036aa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x09a2cb00  ID des fehlerhaften
 Prozesses: 0x1114  Startzeit der fehlerhaften Anwendung: 0x01ce1c1a1b0c393b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften
 Moduls: itw_scrobbler.dll  Berichtskennung: 75227d0e-880d-11e2-8ac2-14dae96d8089
 
[ System Events ]
Error - 26.03.2013 11:10:10 | Computer Name = #-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vhdmp Streaming Filter" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 26.03.2013 18:39:12 | Computer Name = #-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vhdmp Streaming Filter" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 27.03.2013 04:50:12 | Computer Name = #-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 27.03.2013 05:35:34 | Computer Name = #-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.03.2013 11:44:48 | Computer Name = #-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vhdmp Streaming Filter" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 28.03.2013 06:29:29 | Computer Name = #-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 28.03.2013 20:03:54 | Computer Name = #-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vhdmp Streaming Filter" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 02.04.2013 11:09:35 | Computer Name = #-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vhdmp Streaming Filter" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 03.04.2013 09:09:33 | Computer Name = #-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 03.04.2013 15:33:26 | Computer Name = #-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vhdmp Streaming Filter" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
< End of report >
         
[CODE]
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 11:56:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\#\AppData\Local\Temp\pwtoapod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                              0000000076361465 2 bytes [36, 76]
.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                             00000000763614bb 2 bytes [36, 76]
.text  ...                                                                                                                                                                                           * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                       0000000072ed1a22 2 bytes [ED, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                       0000000072ed1ad0 2 bytes [ED, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                       0000000072ed1b08 2 bytes [ED, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                       0000000072ed1bba 2 bytes [ED, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                       0000000072ed1bda 2 bytes [ED, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[3424] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 5                                                                                                     0000000073f513b1 1 byte [73]
.text  C:\Windows\SysWOW64\vmnat.exe[3424] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 21                                                                                                    0000000073f513c1 1 byte [73]
.text  ...                                                                                                                                                                                           * 20
.text  C:\Windows\SysWOW64\vmnat.exe[3424] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 23                                                                                                    0000000073f5153f 1 byte [73]
.text  C:\Windows\SysWOW64\vmnat.exe[3424] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 44                                                                                                    0000000073f51554 1 byte [73]
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                    0000000076361465 2 bytes [36, 76]
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                   00000000763614bb 2 bytes [36, 76]
.text  ...                                                                                                                                                                                           * 2
.text  C:\Users\#\Desktop\I MOG DES NIT\Defogger.exe[5812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               0000000076361465 2 bytes [36, 76]
.text  C:\Users\#\Desktop\I MOG DES NIT\Defogger.exe[5812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000763614bb 2 bytes [36, 76]
.text  ...                                                                                                                                                                                           * 2

---- Registry - GMER 2.1 ----
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimCity\x2122\SimCity\x2122 Recovery.lnk  1
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity\x2122\SimCity\x2122 Recovery.lnk                  1
---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 08.04.2013, 21:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Why do you have an Ultimate edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?


Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, post only logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Alt 08.04.2013, 21:56   #3
Belzebub
 



Hello!

Thanks for the nice welcome message!
I have Ultimate because my university offered licenses for students... It brings me neither advantages nor disadvantages - apart from a small cost relief for poor students

I don't have any further logs. The virus scanner did not report anything, so I did not save a log file either. Scanning again won't help, will it?

Thanks!

Best regards

Alt 08.04.2013, 22:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, thanks for the explanation!

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
Should I not get back to you for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I too have a life outside the Trojaner-Board.


Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

Alt 09.04.2013, 12:07   #5
Belzebub
 



Sooo, I've scanned all of that now, but it doesn't seem to have a single detection.

Best regards

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
# :: #-PC [administrator]

09.04.2013 12:07:12
mbar-log-2013-04-09 (12-07-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 38893
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-09 12:13:39
-----------------------------
12:13:39.789    OS Version: Windows x64 6.1.7601 Service Pack 1
12:13:39.789    Number of processors: 4 586 0x2A07
12:13:39.789    ComputerName: #-PC  UserName: #
12:13:40.195    Initialize success
12:18:29.386    AVAST engine defs: 13040900
12:28:44.901    The log file has been saved successfully to "C:\Users\#\Desktop\aswMBR.txt"
         


Alt 09.04.2013, 13:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please repeat aswMBR, something did not run properly there

Quote:
12:29:32.0001 4688 Scan started
12:29:32.0001 4688 Mode: Manual;
Also, you configured tdsskiller incorrectly; repeat that one again too, properly this time

Alt 13.04.2013, 11:26   #7
Belzebub
 



So, here it is once more.

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-09 12:13:39
-----------------------------
12:13:39.789    OS Version: Windows x64 6.1.7601 Service Pack 1
12:13:39.789    Number of processors: 4 586 0x2A07
12:13:39.789    ComputerName: #-PC  UserName: #
12:13:40.195    Initialize success
12:18:29.386    AVAST engine defs: 13040900
12:28:44.901    The log file has been saved successfully to "C:\Users\#\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-13 12:14:11
-----------------------------
12:14:11.652    OS Version: Windows x64 6.1.7601 Service Pack 1
12:14:11.652    Number of processors: 4 586 0x2A07
12:14:11.652    ComputerName: #-PC  UserName: #
12:14:11.802    Initialize success
12:15:19.128    AVAST engine defs: 13041300
12:16:17.179    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:16:17.179    Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 11
12:16:17.299    Disk 0 MBR read successfully
12:16:17.309    Disk 0 MBR scan
12:16:17.329    Disk 0 Windows 7 default MBR code
12:16:17.359    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:16:17.369    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99899 MB offset 206848
12:16:17.379    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       376938 MB offset 204800000
12:16:17.409    Disk 0 scanning C:\Windows\system32\drivers
12:16:29.190    Service scanning
12:16:49.738    Modules scanning
12:16:49.738    Disk 0 trace - called modules:
12:16:49.754    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:16:49.769    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ded060]
12:16:49.769    3 CLASSPNP.SYS[fffff880013c043f] -> nt!IofCallDriver -> [0xfffffa8007b23520]
12:16:49.769    5 ACPI.sys[fffff88000f527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b151f0]
12:16:49.972    AVAST engine scan C:\Windows
12:16:51.501    AVAST engine scan C:\Windows\system32
12:19:57.531    AVAST engine scan C:\Windows\system32\drivers
12:20:08.420    AVAST engine scan C:\Users\#
12:20:21.306    Disk 0 MBR has been saved successfully to "C:\Users\#\Desktop\MBR.dat"
12:20:21.306    The log file has been saved successfully to "C:\Users\#\Desktop\aswMBR.txt"
         
Code:
12:21:50.0442 3732  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:21:50.0629 3732  ============================================================
12:21:50.0629 3732  Current date / time: 2013/04/13 12:21:50.0629
12:21:50.0629 3732  SystemInfo:
12:21:50.0629 3732  
12:21:50.0629 3732  OS Version: 6.1.7601 ServicePack: 1.0
12:21:50.0629 3732  Product type: Workstation
12:21:50.0629 3732  ComputerName: #-PC
12:21:50.0645 3732  UserName: #
12:21:50.0645 3732  Windows directory: C:\Windows
12:21:50.0645 3732  System windows directory: C:\Windows
12:21:50.0645 3732  Running under WOW64
12:21:50.0645 3732  Processor architecture: Intel x64
12:21:50.0645 3732  Number of processors: 4
12:21:50.0645 3732  Page size: 0x1000
12:21:50.0645 3732  Boot type: Normal boot
12:21:50.0645 3732  ============================================================
12:21:51.0441 3732  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:21:51.0456 3732  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:21:51.0784 3732  ============================================================
12:21:51.0784 3732  \Device\Harddisk0\DR0:
12:21:51.0784 3732  MBR partitions:
12:21:51.0784 3732  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:21:51.0784 3732  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
12:21:51.0784 3732  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035000
12:21:51.0784 3732  \Device\Harddisk1\DR1:
12:21:51.0784 3732  MBR partitions:
12:21:51.0784 3732  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57543EEF
12:21:51.0784 3732  ============================================================
12:21:51.0815 3732  C: <-> \Device\Harddisk0\DR0\Partition2
12:21:51.0846 3732  D: <-> \Device\Harddisk0\DR0\Partition3
12:21:51.0877 3732  G: <-> \Device\Harddisk1\DR1\Partition1
12:21:51.0877 3732  ============================================================
12:21:51.0877 3732  Initialize success
12:21:51.0877 3732  ============================================================
12:22:50.0721 4352  ============================================================
12:22:50.0721 4352  Scan started
12:22:50.0721 4352  Mode: Manual; SigCheck; TDLFS; 
12:22:50.0721 4352  ============================================================
12:22:51.0251 4352  ================ Scan system memory ========================
12:22:51.0251 4352  System memory - ok
12:22:51.0251 4352  ================ Scan services =============================
12:22:51.0392 4352  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:22:51.0454 4352  1394ohci - ok
12:22:51.0485 4352  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:22:51.0501 4352  ACPI - ok
12:22:51.0532 4352  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:22:51.0594 4352  AcpiPmi - ok
12:22:51.0626 4352  [ D44BCAF639E4E45307C2BC80715273D5 ] adfs            C:\Windows\system32\drivers\adfs.sys
12:22:51.0641 4352  adfs - ok
12:22:51.0766 4352  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:22:51.0782 4352  AdobeFlashPlayerUpdateSvc - ok
12:22:51.0828 4352  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:22:51.0844 4352  adp94xx - ok
12:22:51.0860 4352  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:22:51.0875 4352  adpahci - ok
12:22:51.0891 4352  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:22:51.0906 4352  adpu320 - ok
12:22:51.0922 4352  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:22:52.0016 4352  AeLookupSvc - ok
12:22:52.0062 4352  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:22:52.0094 4352  AFD - ok
12:22:52.0125 4352  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:22:52.0140 4352  agp440 - ok
12:22:52.0156 4352  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:22:52.0203 4352  ALG - ok
12:22:52.0218 4352  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:22:52.0234 4352  aliide - ok
12:22:52.0265 4352  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:22:52.0343 4352  AMD External Events Utility - ok
12:22:52.0343 4352  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:22:52.0359 4352  amdide - ok
12:22:52.0374 4352  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:22:52.0406 4352  AmdK8 - ok
12:22:52.0562 4352  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:22:52.0718 4352  amdkmdag - ok
12:22:52.0764 4352  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:22:52.0796 4352  amdkmdap - ok
12:22:52.0811 4352  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:22:52.0842 4352  AmdPPM - ok
12:22:52.0889 4352  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:22:52.0905 4352  amdsata - ok
12:22:52.0920 4352  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:22:52.0936 4352  amdsbs - ok
12:22:52.0952 4352  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:22:52.0967 4352  amdxata - ok
12:22:53.0014 4352  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
12:22:53.0045 4352  androidusb - ok
12:22:53.0139 4352  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:22:53.0154 4352  AntiVirSchedulerService - ok
12:22:53.0186 4352  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:22:53.0201 4352  AntiVirService - ok
12:22:53.0232 4352  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:22:53.0342 4352  AppID - ok
12:22:53.0342 4352  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:22:53.0404 4352  AppIDSvc - ok
12:22:53.0435 4352  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:22:53.0466 4352  Appinfo - ok
12:22:53.0560 4352  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:22:53.0560 4352  Apple Mobile Device - ok
12:22:53.0591 4352  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:22:53.0622 4352  AppMgmt - ok
12:22:53.0654 4352  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:22:53.0669 4352  arc - ok
12:22:53.0685 4352  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:22:53.0700 4352  arcsas - ok
12:22:53.0794 4352  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:22:53.0841 4352  aspnet_state - ok
12:22:53.0872 4352  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:22:53.0919 4352  AsyncMac - ok
12:22:53.0950 4352  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:22:53.0950 4352  atapi - ok
12:22:53.0997 4352  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:22:54.0028 4352  AtiHDAudioService - ok
12:22:54.0075 4352  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
12:22:54.0090 4352  atksgt - ok
12:22:54.0137 4352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:22:54.0215 4352  AudioEndpointBuilder - ok
12:22:54.0215 4352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:22:54.0246 4352  AudioSrv - ok
12:22:54.0340 4352  [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
12:22:54.0356 4352  Autodesk Content Service - ok
12:22:54.0371 4352  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:22:54.0387 4352  avgntflt - ok
12:22:54.0434 4352  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:22:54.0449 4352  avipbb - ok
12:22:54.0465 4352  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:22:54.0480 4352  avkmgr - ok
12:22:54.0512 4352  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:22:54.0574 4352  AxInstSV - ok
12:22:54.0605 4352  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:22:54.0636 4352  b06bdrv - ok
12:22:54.0668 4352  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:22:54.0714 4352  b57nd60a - ok
12:22:54.0761 4352  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:22:54.0777 4352  BDESVC - ok
12:22:54.0792 4352  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:22:54.0855 4352  Beep - ok
12:22:54.0902 4352  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:22:54.0964 4352  BFE - ok
12:22:54.0995 4352  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:22:55.0058 4352  BITS - ok
12:22:55.0073 4352  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:22:55.0089 4352  blbdrive - ok
12:22:55.0167 4352  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:22:55.0198 4352  Bonjour Service - ok
12:22:55.0229 4352  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:22:55.0260 4352  bowser - ok
12:22:55.0276 4352  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:22:55.0338 4352  BrFiltLo - ok
12:22:55.0338 4352  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:22:55.0370 4352  BrFiltUp - ok
12:22:55.0401 4352  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:22:55.0432 4352  Browser - ok
12:22:55.0448 4352  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:22:55.0494 4352  Brserid - ok
12:22:55.0510 4352  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:22:55.0526 4352  BrSerWdm - ok
12:22:55.0541 4352  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:22:55.0572 4352  BrUsbMdm - ok
12:22:55.0588 4352  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:22:55.0604 4352  BrUsbSer - ok
12:22:55.0619 4352  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:22:55.0650 4352  BTHMODEM - ok
12:22:55.0666 4352  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:22:55.0713 4352  bthserv - ok
12:22:55.0728 4352  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:22:55.0760 4352  cdfs - ok
12:22:55.0806 4352  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:22:55.0838 4352  cdrom - ok
12:22:55.0884 4352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:22:55.0947 4352  CertPropSvc - ok
12:22:55.0962 4352  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:22:55.0994 4352  circlass - ok
12:22:56.0025 4352  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:22:56.0040 4352  CLFS - ok
12:22:56.0087 4352  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:22:56.0118 4352  clr_optimization_v2.0.50727_32 - ok
12:22:56.0150 4352  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:22:56.0165 4352  clr_optimization_v2.0.50727_64 - ok
12:22:56.0243 4352  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:22:56.0321 4352  clr_optimization_v4.0.30319_32 - ok
12:22:56.0337 4352  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:22:56.0368 4352  clr_optimization_v4.0.30319_64 - ok
12:22:56.0384 4352  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:22:56.0415 4352  CmBatt - ok
12:22:56.0430 4352  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:22:56.0446 4352  cmdide - ok
12:22:56.0477 4352  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:22:56.0524 4352  CNG - ok
12:22:56.0540 4352  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:22:56.0540 4352  Compbatt - ok
12:22:56.0586 4352  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:22:56.0602 4352  CompositeBus - ok
12:22:56.0618 4352  COMSysApp - ok
12:22:56.0633 4352  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:22:56.0649 4352  crcdisk - ok
12:22:56.0680 4352  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:22:56.0727 4352  CryptSvc - ok
12:22:56.0758 4352  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
12:22:56.0805 4352  CSC - ok
12:22:56.0852 4352  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
12:22:56.0883 4352  CscService - ok
12:22:56.0930 4352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:22:56.0976 4352  DcomLaunch - ok
12:22:56.0992 4352  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:22:57.0039 4352  defragsvc - ok
12:22:57.0070 4352  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:22:57.0117 4352  DfsC - ok
12:22:57.0132 4352  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:22:57.0148 4352  Dhcp - ok
12:22:57.0179 4352  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:22:57.0195 4352  discache - ok
12:22:57.0226 4352  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:22:57.0242 4352  Disk - ok
12:22:57.0257 4352  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:22:57.0304 4352  Dnscache - ok
12:22:57.0335 4352  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:22:57.0382 4352  dot3svc - ok
12:22:57.0413 4352  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:22:57.0460 4352  DPS - ok
12:22:57.0476 4352  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:22:57.0507 4352  drmkaud - ok
12:22:57.0538 4352  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:22:57.0554 4352  dtsoftbus01 - ok
12:22:57.0600 4352  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:22:57.0632 4352  DXGKrnl - ok
12:22:57.0710 4352  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:22:57.0772 4352  EapHost - ok
12:22:57.0834 4352  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:22:57.0881 4352  ebdrv - ok
12:22:57.0912 4352  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:22:57.0959 4352  EFS - ok
12:22:58.0006 4352  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:22:58.0068 4352  ehRecvr - ok
12:22:58.0084 4352  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:22:58.0131 4352  ehSched - ok
12:22:58.0162 4352  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:22:58.0193 4352  elxstor - ok
12:22:58.0209 4352  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:22:58.0224 4352  ErrDev - ok
12:22:58.0256 4352  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:22:58.0302 4352  EventSystem - ok
12:22:58.0334 4352  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:22:58.0349 4352  exfat - ok
12:22:58.0365 4352  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:22:58.0396 4352  fastfat - ok
12:22:58.0427 4352  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:22:58.0490 4352  Fax - ok
12:22:58.0505 4352  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:22:58.0521 4352  fdc - ok
12:22:58.0521 4352  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:22:58.0568 4352  fdPHost - ok
12:22:58.0583 4352  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:22:58.0630 4352  FDResPub - ok
12:22:58.0646 4352  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:22:58.0646 4352  FileInfo - ok
12:22:58.0661 4352  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:22:58.0692 4352  Filetrace - ok
12:22:58.0739 4352  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:22:58.0770 4352  FLEXnet Licensing Service - ok
12:22:58.0833 4352  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
12:22:58.0864 4352  FLEXnet Licensing Service 64 - ok
12:22:58.0880 4352  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:22:58.0895 4352  flpydisk - ok
12:22:58.0911 4352  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:22:58.0911 4352  FltMgr - ok
12:22:58.0958 4352  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:22:59.0004 4352  FontCache - ok
12:22:59.0036 4352  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:22:59.0036 4352  FontCache3.0.0.0 - ok
12:22:59.0051 4352  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:22:59.0051 4352  FsDepends - ok
12:22:59.0082 4352  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:22:59.0098 4352  Fs_Rec - ok
12:22:59.0176 4352  [ 79B4CDE2B69ED8BA4011859780A66A4D ] Futuremark SystemInfo Service C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
12:22:59.0192 4352  Futuremark SystemInfo Service - ok
12:22:59.0207 4352  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:22:59.0238 4352  fvevol - ok
12:22:59.0254 4352  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:22:59.0270 4352  gagp30kx - ok
12:22:59.0301 4352  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:22:59.0301 4352  GEARAspiWDM - ok
12:22:59.0348 4352  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:22:59.0394 4352  gpsvc - ok
12:22:59.0472 4352  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:22:59.0488 4352  gupdate - ok
12:22:59.0488 4352  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:22:59.0488 4352  gupdatem - ok
12:22:59.0535 4352  [ ADB4348DA1345877B04E22203AFC8993 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
12:22:59.0535 4352  hcmon - ok
12:22:59.0550 4352  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:22:59.0582 4352  hcw85cir - ok
12:22:59.0613 4352  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:22:59.0628 4352  HdAudAddService - ok
12:22:59.0660 4352  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:22:59.0691 4352  HDAudBus - ok
12:22:59.0706 4352  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:22:59.0722 4352  HidBatt - ok
12:22:59.0738 4352  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:22:59.0753 4352  HidBth - ok
12:22:59.0784 4352  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:22:59.0816 4352  HidIr - ok
12:22:59.0831 4352  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:22:59.0878 4352  hidserv - ok
12:22:59.0925 4352  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:22:59.0925 4352  HidUsb - ok
12:22:59.0972 4352  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:23:00.0018 4352  hkmsvc - ok
12:23:00.0050 4352  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:23:00.0096 4352  HomeGroupListener - ok
12:23:00.0112 4352  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:23:00.0143 4352  HomeGroupProvider - ok
12:23:00.0159 4352  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:23:00.0174 4352  HpSAMD - ok
12:23:00.0206 4352  [ 5A539A3CBD6EC1609D5333B486D5F74C ] HPSIService     C:\Windows\system32\HPSIsvc.exe
12:23:00.0221 4352  HPSIService - ok
12:23:00.0268 4352  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:23:00.0299 4352  HTTP - ok
12:23:00.0330 4352  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:23:00.0330 4352  hwpolicy - ok
12:23:00.0362 4352  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:23:00.0377 4352  i8042prt - ok
12:23:00.0377 4352  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:23:00.0393 4352  iaStorV - ok
12:23:00.0424 4352  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:23:00.0455 4352  idsvc - ok
12:23:00.0471 4352  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:23:00.0486 4352  iirsp - ok
12:23:00.0502 4352  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:23:00.0533 4352  IKEEXT - ok
12:23:00.0549 4352  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:23:00.0549 4352  intelide - ok
12:23:00.0580 4352  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:23:00.0596 4352  intelppm - ok
12:23:00.0611 4352  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:23:00.0642 4352  IPBusEnum - ok
12:23:00.0674 4352  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:23:00.0689 4352  IpFilterDriver - ok
12:23:00.0736 4352  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:23:00.0752 4352  iphlpsvc - ok
12:23:00.0783 4352  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:23:00.0798 4352  IPMIDRV - ok
12:23:00.0814 4352  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:23:00.0845 4352  IPNAT - ok
12:23:00.0892 4352  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:23:00.0923 4352  iPod Service - ok
12:23:00.0939 4352  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:23:00.0954 4352  IRENUM - ok
12:23:00.0986 4352  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:23:00.0986 4352  isapnp - ok
12:23:01.0001 4352  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:23:01.0017 4352  iScsiPrt - ok
12:23:01.0017 4352  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:23:01.0032 4352  kbdclass - ok
12:23:01.0048 4352  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:23:01.0064 4352  kbdhid - ok
12:23:01.0079 4352  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:23:01.0095 4352  KeyIso - ok
12:23:01.0110 4352  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:23:01.0126 4352  KSecDD - ok
12:23:01.0142 4352  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:23:01.0157 4352  KSecPkg - ok
12:23:01.0157 4352  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:23:01.0204 4352  ksthunk - ok
12:23:01.0220 4352  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:23:01.0251 4352  KtmRm - ok
12:23:01.0282 4352  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:23:01.0329 4352  LanmanServer - ok
12:23:01.0344 4352  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:23:01.0376 4352  LanmanWorkstation - ok
12:23:01.0407 4352  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
12:23:01.0422 4352  lirsgt - ok
12:23:01.0454 4352  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:23:01.0500 4352  lltdio - ok
12:23:01.0532 4352  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:23:01.0563 4352  lltdsvc - ok
12:23:01.0578 4352  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:23:01.0610 4352  lmhosts - ok
12:23:01.0625 4352  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:23:01.0625 4352  LSI_FC - ok
12:23:01.0641 4352  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:23:01.0641 4352  LSI_SAS - ok
12:23:01.0656 4352  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:23:01.0672 4352  LSI_SAS2 - ok
12:23:01.0688 4352  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:23:01.0688 4352  LSI_SCSI - ok
12:23:01.0703 4352  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:23:01.0719 4352  luafv - ok
12:23:01.0750 4352  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:23:01.0766 4352  Mcx2Svc - ok
12:23:01.0766 4352  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:23:01.0781 4352  megasas - ok
12:23:01.0781 4352  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:23:01.0797 4352  MegaSR - ok
12:23:01.0812 4352  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:23:01.0812 4352  MEIx64 - ok
12:23:01.0937 4352  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2013_64 C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
12:23:01.0968 4352  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - warning
12:23:01.0968 4352  mi-raysat_3dsmax2013_64 - detected UnsignedFile.Multi.Generic (1)
12:23:02.0000 4352  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:23:02.0046 4352  MMCSS - ok
12:23:02.0062 4352  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:23:02.0093 4352  Modem - ok
12:23:02.0109 4352  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:23:02.0124 4352  monitor - ok
12:23:02.0156 4352  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:23:02.0156 4352  mouclass - ok
12:23:02.0187 4352  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:23:02.0187 4352  mouhid - ok
12:23:02.0218 4352  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:23:02.0234 4352  mountmgr - ok
12:23:02.0312 4352  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:23:02.0343 4352  MozillaMaintenance - ok
12:23:02.0343 4352  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:23:02.0358 4352  mpio - ok
12:23:02.0374 4352  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:23:02.0405 4352  mpsdrv - ok
12:23:02.0436 4352  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:23:02.0483 4352  MpsSvc - ok
12:23:02.0514 4352  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:23:02.0546 4352  MRxDAV - ok
12:23:02.0561 4352  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:23:02.0592 4352  mrxsmb - ok
12:23:02.0608 4352  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:23:02.0639 4352  mrxsmb10 - ok
12:23:02.0655 4352  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:23:02.0686 4352  mrxsmb20 - ok
12:23:02.0702 4352  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:23:02.0717 4352  msahci - ok
12:23:02.0748 4352  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:23:02.0748 4352  msdsm - ok
12:23:02.0780 4352  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:23:02.0795 4352  MSDTC - ok
12:23:02.0826 4352  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:23:02.0858 4352  Msfs - ok
12:23:02.0873 4352  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:23:02.0920 4352  mshidkmdf - ok
12:23:02.0936 4352  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:23:02.0936 4352  msisadrv - ok
12:23:02.0951 4352  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:23:02.0982 4352  MSiSCSI - ok
12:23:02.0982 4352  msiserver - ok
12:23:02.0998 4352  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:23:03.0029 4352  MSKSSRV - ok
12:23:03.0029 4352  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:23:03.0060 4352  MSPCLOCK - ok
12:23:03.0076 4352  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:23:03.0107 4352  MSPQM - ok
12:23:03.0123 4352  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:23:03.0138 4352  MsRPC - ok
12:23:03.0154 4352  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:23:03.0154 4352  mssmbios - ok
12:23:03.0170 4352  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:23:03.0201 4352  MSTEE - ok
12:23:03.0326 4352  [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90       C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
12:23:03.0404 4352  msvsmon90 - ok
12:23:03.0419 4352  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:23:03.0435 4352  MTConfig - ok
12:23:03.0450 4352  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:23:03.0450 4352  Mup - ok
12:23:03.0482 4352  [ 8FA52B6049596FE2FDBC8A5E8B14EBFC ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
12:23:03.0513 4352  mvusbews - ok
12:23:03.0544 4352  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:23:03.0575 4352  napagent - ok
12:23:03.0622 4352  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:23:03.0653 4352  NativeWifiP - ok
12:23:03.0684 4352  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:23:03.0716 4352  NDIS - ok
12:23:03.0716 4352  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:23:03.0747 4352  NdisCap - ok
12:23:03.0762 4352  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:23:03.0809 4352  NdisTapi - ok
12:23:03.0825 4352  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:23:03.0856 4352  Ndisuio - ok
12:23:03.0887 4352  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:23:03.0934 4352  NdisWan - ok
12:23:03.0965 4352  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:23:04.0012 4352  NDProxy - ok
12:23:04.0028 4352  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:23:04.0043 4352  NetBIOS - ok
12:23:04.0059 4352  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:23:04.0090 4352  NetBT - ok
12:23:04.0106 4352  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:23:04.0106 4352  Netlogon - ok
12:23:04.0137 4352  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:23:04.0184 4352  Netman - ok
12:23:04.0199 4352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:04.0215 4352  NetMsmqActivator - ok
12:23:04.0215 4352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:04.0230 4352  NetPipeActivator - ok
12:23:04.0246 4352  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:23:04.0277 4352  netprofm - ok
12:23:04.0324 4352  [ 68CDB276A3009F0CF000C6352C1F72E7 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
12:23:04.0355 4352  netr28x - ok
12:23:04.0355 4352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:04.0371 4352  NetTcpActivator - ok
12:23:04.0371 4352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:04.0371 4352  NetTcpPortSharing - ok
12:23:04.0386 4352  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:23:04.0402 4352  nfrd960 - ok
12:23:04.0433 4352  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:23:04.0464 4352  NlaSvc - ok
12:23:04.0480 4352  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:23:04.0511 4352  Npfs - ok
12:23:04.0527 4352  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:23:04.0558 4352  nsi - ok
12:23:04.0558 4352  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:23:04.0589 4352  nsiproxy - ok
12:23:04.0636 4352  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:23:04.0652 4352  Ntfs - ok
12:23:04.0667 4352  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:23:04.0714 4352  Null - ok
12:23:04.0745 4352  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:23:04.0761 4352  nvraid - ok
12:23:04.0776 4352  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:23:04.0792 4352  nvstor - ok
12:23:04.0808 4352  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:23:04.0823 4352  nv_agp - ok
12:23:04.0839 4352  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:23:04.0839 4352  ohci1394 - ok
12:23:04.0870 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:23:04.0901 4352  p2pimsvc - ok
12:23:04.0917 4352  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:23:04.0932 4352  p2psvc - ok
12:23:04.0964 4352  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:23:04.0979 4352  Parport - ok
12:23:05.0026 4352  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:23:05.0026 4352  partmgr - ok
12:23:05.0042 4352  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:23:05.0073 4352  PcaSvc - ok
12:23:05.0088 4352  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:23:05.0104 4352  pci - ok
12:23:05.0135 4352  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:23:05.0151 4352  pciide - ok
12:23:05.0166 4352  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:23:05.0182 4352  pcmcia - ok
12:23:05.0198 4352  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:23:05.0198 4352  pcw - ok
12:23:05.0213 4352  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:23:05.0260 4352  PEAUTH - ok
12:23:05.0291 4352  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:23:05.0322 4352  PeerDistSvc - ok
12:23:05.0385 4352  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:23:05.0400 4352  PerfHost - ok
12:23:05.0447 4352  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:23:05.0494 4352  pla - ok
12:23:05.0572 4352  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:23:05.0603 4352  PlugPlay - ok
12:23:05.0619 4352  PnkBstrA - ok
12:23:05.0634 4352  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:23:05.0650 4352  PNRPAutoReg - ok
12:23:05.0666 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:23:05.0681 4352  PNRPsvc - ok
12:23:05.0697 4352  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:23:05.0728 4352  PolicyAgent - ok
12:23:05.0759 4352  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:23:05.0790 4352  Power - ok
12:23:05.0822 4352  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:23:05.0853 4352  PptpMiniport - ok
12:23:05.0853 4352  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:23:05.0868 4352  Processor - ok
12:23:05.0900 4352  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:23:05.0931 4352  ProfSvc - ok
12:23:05.0946 4352  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:23:05.0962 4352  ProtectedStorage - ok
12:23:05.0993 4352  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:23:06.0040 4352  Psched - ok
12:23:06.0087 4352  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:23:06.0102 4352  ql2300 - ok
12:23:06.0118 4352  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:23:06.0134 4352  ql40xx - ok
12:23:06.0149 4352  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:23:06.0165 4352  QWAVE - ok
12:23:06.0165 4352  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:23:06.0196 4352  QWAVEdrv - ok
12:23:06.0258 4352  [ 720FEA3AAA15FE7E0BEAB10AC2E6D2B0 ] RalinkRegistryWriter C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
12:23:06.0274 4352  RalinkRegistryWriter - ok
12:23:06.0274 4352  [ 178CEF55E09DC320FF6561D4EEB4F632 ] RalinkRegistryWriter64 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
12:23:06.0290 4352  RalinkRegistryWriter64 - ok
12:23:06.0305 4352  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:23:06.0321 4352  RasAcd - ok
12:23:06.0352 4352  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:23:06.0399 4352  RasAgileVpn - ok
12:23:06.0414 4352  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:23:06.0446 4352  RasAuto - ok
12:23:06.0477 4352  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:23:06.0508 4352  Rasl2tp - ok
12:23:06.0539 4352  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:23:06.0555 4352  RasMan - ok
12:23:06.0570 4352  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:23:06.0602 4352  RasPppoe - ok
12:23:06.0633 4352  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:23:06.0664 4352  RasSstp - ok
12:23:06.0695 4352  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:23:06.0711 4352  rdbss - ok
12:23:06.0726 4352  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:23:06.0742 4352  rdpbus - ok
12:23:06.0773 4352  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:23:06.0789 4352  RDPCDD - ok
12:23:06.0820 4352  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:23:06.0836 4352  RDPDR - ok
12:23:06.0836 4352  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:23:06.0867 4352  RDPENCDD - ok
12:23:06.0867 4352  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:23:06.0882 4352  RDPREFMP - ok
12:23:06.0976 4352  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:23:07.0007 4352  RdpVideoMiniport - ok
12:23:07.0038 4352  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:23:07.0070 4352  RDPWD - ok
12:23:07.0116 4352  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:23:07.0132 4352  rdyboost - ok
12:23:07.0148 4352  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:23:07.0179 4352  RemoteAccess - ok
12:23:07.0194 4352  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:23:07.0241 4352  RemoteRegistry - ok
12:23:07.0241 4352  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:23:07.0288 4352  RpcEptMapper - ok
12:23:07.0304 4352  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:23:07.0319 4352  RpcLocator - ok
12:23:07.0350 4352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:23:07.0382 4352  RpcSs - ok
12:23:07.0413 4352  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:23:07.0444 4352  rspndr - ok
12:23:07.0491 4352  [ 39A719875F572241C585A629EE62EB14 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:23:07.0491 4352  RTL8167 - ok
12:23:07.0522 4352  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:23:07.0553 4352  s3cap - ok
12:23:07.0553 4352  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:23:07.0569 4352  SamSs - ok
12:23:07.0584 4352  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:23:07.0600 4352  sbp2port - ok
12:23:07.0631 4352  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:23:07.0662 4352  SCardSvr - ok
12:23:07.0694 4352  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:23:07.0740 4352  scfilter - ok
12:23:07.0772 4352  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:23:07.0834 4352  Schedule - ok
12:23:07.0850 4352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:23:07.0865 4352  SCPolicySvc - ok
12:23:07.0896 4352  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:23:07.0912 4352  SDRSVC - ok
12:23:07.0928 4352  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:23:07.0990 4352  secdrv - ok
12:23:08.0006 4352  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:23:08.0052 4352  seclogon - ok
12:23:08.0068 4352  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:23:08.0099 4352  SENS - ok
12:23:08.0115 4352  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:23:08.0146 4352  SensrSvc - ok
12:23:08.0177 4352  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:23:08.0208 4352  Serenum - ok
12:23:08.0224 4352  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:23:08.0271 4352  Serial - ok
12:23:08.0286 4352  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:23:08.0302 4352  sermouse - ok
12:23:08.0333 4352  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:23:08.0380 4352  SessionEnv - ok
12:23:08.0396 4352  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:23:08.0427 4352  sffdisk - ok
12:23:08.0427 4352  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:23:08.0458 4352  sffp_mmc - ok
12:23:08.0458 4352  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:23:08.0474 4352  sffp_sd - ok
12:23:08.0489 4352  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:23:08.0505 4352  sfloppy - ok
12:23:08.0536 4352  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:23:08.0567 4352  SharedAccess - ok
12:23:08.0598 4352  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:23:08.0630 4352  ShellHWDetection - ok
12:23:08.0645 4352  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:23:08.0645 4352  SiSRaid2 - ok
12:23:08.0661 4352  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:23:08.0676 4352  SiSRaid4 - ok
12:23:08.0708 4352  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:23:08.0723 4352  SkypeUpdate - ok
12:23:08.0754 4352  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:23:08.0801 4352  Smb - ok
12:23:08.0832 4352  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:23:08.0848 4352  SNMPTRAP - ok
12:23:08.0864 4352  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:23:08.0879 4352  spldr - ok
12:23:08.0910 4352  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:23:08.0957 4352  Spooler - ok
12:23:09.0020 4352  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:23:09.0082 4352  sppsvc - ok
12:23:09.0098 4352  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:23:09.0129 4352  sppuinotify - ok
12:23:09.0160 4352  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:23:09.0207 4352  srv - ok
12:23:09.0238 4352  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:23:09.0269 4352  srv2 - ok
12:23:09.0285 4352  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:23:09.0300 4352  srvnet - ok
12:23:09.0347 4352  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
12:23:09.0394 4352  ssadbus - ok
12:23:09.0410 4352  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
12:23:09.0441 4352  ssadmdfl - ok
12:23:09.0472 4352  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
12:23:09.0503 4352  ssadmdm - ok
12:23:09.0534 4352  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:23:09.0581 4352  SSDPSRV - ok
12:23:09.0597 4352  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:23:09.0612 4352  SstpSvc - ok
12:23:09.0644 4352  [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
12:23:09.0644 4352  ss_bbus - ok
12:23:09.0659 4352  [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
12:23:09.0675 4352  ss_bmdfl - ok
12:23:09.0675 4352  [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
12:23:09.0690 4352  ss_bmdm - ok
12:23:09.0722 4352  Steam Client Service - ok
12:23:09.0753 4352  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:23:09.0768 4352  stexstor - ok
12:23:09.0800 4352  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:23:09.0831 4352  stisvc - ok
12:23:09.0846 4352  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:23:09.0846 4352  storflt - ok
12:23:09.0862 4352  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:23:09.0878 4352  storvsc - ok
12:23:09.0893 4352  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:23:09.0909 4352  swenum - ok
12:23:09.0909 4352  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:23:09.0956 4352  swprv - ok
12:23:09.0956 4352  Synth3dVsc - ok
12:23:10.0018 4352  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:23:10.0049 4352  SysMain - ok
12:23:10.0080 4352  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:23:10.0112 4352  TabletInputService - ok
12:23:10.0268 4352  [ B9E475AB1AABB21F278EA74965F918B9 ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
12:23:10.0377 4352  TabletServiceWacom - ok
12:23:10.0392 4352  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:23:10.0455 4352  TapiSrv - ok
12:23:10.0455 4352  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:23:10.0486 4352  TBS - ok
12:23:10.0548 4352  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:23:10.0595 4352  Tcpip - ok
12:23:10.0611 4352  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:23:10.0642 4352  TCPIP6 - ok
12:23:10.0673 4352  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:23:10.0673 4352  tcpipreg - ok
12:23:10.0736 4352  [ 5B3E0931EBF4890EF2448AC4B74E078E ] TCPSVCSd        C:\Windows\system32\tapiui64.exe
12:23:10.0767 4352  TCPSVCSd ( UnsignedFile.Multi.Generic ) - warning
12:23:10.0767 4352  TCPSVCSd - detected UnsignedFile.Multi.Generic (1)
12:23:10.0782 4352  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:23:10.0814 4352  TDPIPE - ok
12:23:10.0845 4352  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:23:10.0860 4352  TDTCP - ok
12:23:10.0892 4352  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:23:10.0923 4352  tdx - ok
12:23:10.0954 4352  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:23:10.0970 4352  TermDD - ok
12:23:11.0001 4352  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:23:11.0032 4352  TermService - ok
12:23:11.0063 4352  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
12:23:11.0063 4352  TFsExDisk - ok
12:23:11.0079 4352  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:23:11.0094 4352  Themes - ok
12:23:11.0126 4352  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:23:11.0141 4352  THREADORDER - ok
12:23:11.0172 4352  [ B8F4A8AFFAAE521A20E8D2AF3F487124 ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
12:23:11.0188 4352  TouchServiceWacom - ok
12:23:11.0204 4352  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:23:11.0235 4352  TrkWks - ok
12:23:11.0266 4352  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:23:11.0313 4352  TrustedInstaller - ok
12:23:11.0344 4352  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:23:11.0360 4352  tssecsrv - ok
12:23:11.0391 4352  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:23:11.0406 4352  TsUsbFlt - ok
12:23:11.0422 4352  tsusbhub - ok
12:23:11.0469 4352  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:23:11.0500 4352  tunnel - ok
12:23:11.0516 4352  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:23:11.0531 4352  uagp35 - ok
12:23:11.0547 4352  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:23:11.0562 4352  udfs - ok
12:23:11.0594 4352  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:23:11.0594 4352  UI0Detect - ok
12:23:11.0609 4352  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:23:11.0625 4352  uliagpkx - ok
12:23:11.0640 4352  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:23:11.0656 4352  umbus - ok
12:23:11.0687 4352  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:23:11.0703 4352  UmPass - ok
12:23:11.0718 4352  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:23:11.0750 4352  UmRdpService - ok
12:23:11.0765 4352  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:23:11.0828 4352  upnphost - ok
12:23:11.0859 4352  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:23:11.0874 4352  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:23:11.0874 4352  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
12:23:11.0921 4352  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:23:11.0937 4352  usbaudio - ok
12:23:11.0968 4352  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:23:12.0015 4352  usbccgp - ok
12:23:12.0030 4352  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:23:12.0046 4352  usbcir - ok
12:23:12.0062 4352  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:23:12.0093 4352  usbehci - ok
12:23:12.0108 4352  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:23:12.0124 4352  usbhub - ok
12:23:12.0140 4352  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:23:12.0155 4352  usbohci - ok
12:23:12.0186 4352  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:23:12.0202 4352  usbprint - ok
12:23:12.0218 4352  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:23:12.0249 4352  USBSTOR - ok
12:23:12.0264 4352  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:23:12.0280 4352  usbuhci - ok
12:23:12.0296 4352  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:23:12.0342 4352  UxSms - ok
12:23:12.0342 4352  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:23:12.0358 4352  VaultSvc - ok
12:23:12.0389 4352  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:23:12.0389 4352  vdrvroot - ok
12:23:12.0436 4352  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:23:12.0483 4352  vds - ok
12:23:12.0483 4352  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:23:12.0498 4352  vga - ok
12:23:12.0514 4352  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:23:12.0530 4352  VgaSave - ok
12:23:12.0545 4352  VGPU - ok
12:23:12.0576 4352  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:23:12.0592 4352  vhdmp - ok
12:23:12.0623 4352  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:23:12.0623 4352  viaide - ok
12:23:12.0686 4352  [ 3ACCF0C817A2BB34EFBFB72B57B00252 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
12:23:12.0717 4352  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
12:23:12.0717 4352  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
12:23:12.0732 4352  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:23:12.0748 4352  vmbus - ok
12:23:12.0748 4352  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:23:12.0764 4352  VMBusHID - ok
12:23:12.0795 4352  [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
12:23:12.0810 4352  vmci - ok
12:23:12.0842 4352  [ ED82D26B5E26542615483B8BED77D826 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
12:23:12.0857 4352  vmkbd - ok
12:23:12.0873 4352  [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
12:23:12.0888 4352  VMnetAdapter - ok
12:23:12.0904 4352  [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
12:23:12.0920 4352  VMnetBridge - ok
12:23:12.0920 4352  VMnetDHCP - ok
12:23:12.0935 4352  [ 94DD802DA1A3BBF7402246CB48CFEA83 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
12:23:12.0951 4352  VMnetuserif - ok
12:23:12.0982 4352  [ A36C1A0ED9C6EA4C9D7872DB7401FA6F ] VMparport       C:\Windows\system32\drivers\VMparport.sys
12:23:12.0998 4352  VMparport - ok
12:23:13.0013 4352  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
12:23:13.0013 4352  vmusb - ok
12:23:13.0076 4352  [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
12:23:13.0091 4352  VMUSBArbService - ok
12:23:13.0107 4352  VMware NAT Service - ok
12:23:13.0138 4352  [ 06EB22EA8E451654346EA0F9C56DD795 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
12:23:13.0138 4352  vmx86 - ok
12:23:13.0169 4352  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:23:13.0185 4352  volmgr - ok
12:23:13.0216 4352  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:23:13.0232 4352  volmgrx - ok
12:23:13.0263 4352  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:23:13.0278 4352  volsnap - ok
12:23:13.0310 4352  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:23:13.0310 4352  vsmraid - ok
12:23:13.0356 4352  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:23:13.0419 4352  VSS - ok
12:23:13.0434 4352  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:23:13.0466 4352  vwifibus - ok
12:23:13.0481 4352  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:23:13.0497 4352  vwififlt - ok
12:23:13.0528 4352  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:23:13.0559 4352  vwifimp - ok
12:23:13.0590 4352  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:23:13.0637 4352  W32Time - ok
12:23:13.0668 4352  [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor   C:\Windows\system32\DRIVERS\wacmoumonitor.sys
12:23:13.0700 4352  wacmoumonitor - ok
12:23:13.0715 4352  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
12:23:13.0715 4352  wacommousefilter - ok
12:23:13.0731 4352  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:23:13.0762 4352  WacomPen - ok
12:23:13.0778 4352  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
12:23:13.0778 4352  wacomvhid - ok
12:23:13.0824 4352  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:23:13.0871 4352  WANARP - ok
12:23:13.0871 4352  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:23:13.0887 4352  Wanarpv6 - ok
12:23:13.0934 4352  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:23:13.0996 4352  WatAdminSvc - ok
12:23:14.0043 4352  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:23:14.0090 4352  wbengine - ok
12:23:14.0121 4352  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:23:14.0136 4352  WbioSrvc - ok
12:23:14.0168 4352  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:23:14.0214 4352  wcncsvc - ok
12:23:14.0230 4352  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:23:14.0246 4352  WcsPlugInService - ok
12:23:14.0261 4352  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:23:14.0277 4352  Wd - ok
12:23:14.0308 4352  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:23:14.0339 4352  Wdf01000 - ok
12:23:14.0355 4352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:23:14.0402 4352  WdiServiceHost - ok
12:23:14.0402 4352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:23:14.0433 4352  WdiSystemHost - ok
12:23:14.0464 4352  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:23:14.0495 4352  WebClient - ok
12:23:14.0495 4352  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:23:14.0526 4352  Wecsvc - ok
12:23:14.0542 4352  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:23:14.0589 4352  wercplsupport - ok
12:23:14.0604 4352  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:23:14.0636 4352  WerSvc - ok
12:23:14.0636 4352  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:23:14.0651 4352  WfpLwf - ok
12:23:14.0667 4352  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:23:14.0682 4352  WIMMount - ok
12:23:14.0698 4352  WinDefend - ok
12:23:14.0698 4352  WinHttpAutoProxySvc - ok
12:23:14.0729 4352  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:23:14.0776 4352  Winmgmt - ok
12:23:14.0838 4352  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:23:14.0885 4352  WinRM - ok
12:23:14.0932 4352  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:23:14.0963 4352  WinUsb - ok
12:23:14.0994 4352  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:23:15.0041 4352  Wlansvc - ok
12:23:15.0057 4352  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:23:15.0072 4352  WmiAcpi - ok
12:23:15.0088 4352  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:23:15.0119 4352  wmiApSrv - ok
12:23:15.0150 4352  WMPNetworkSvc - ok
12:23:15.0166 4352  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:23:15.0182 4352  WPCSvc - ok
12:23:15.0213 4352  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:23:15.0228 4352  WPDBusEnum - ok
12:23:15.0260 4352  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:23:15.0291 4352  ws2ifsl - ok
12:23:15.0306 4352  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:23:15.0322 4352  wscsvc - ok
12:23:15.0353 4352  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:23:15.0369 4352  WSDPrintDevice - ok
12:23:15.0369 4352  WSearch - ok
12:23:15.0431 4352  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:23:15.0478 4352  wuauserv - ok
12:23:15.0509 4352  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:23:15.0540 4352  WudfPf - ok
12:23:15.0572 4352  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:23:15.0587 4352  WUDFRd - ok
12:23:15.0587 4352  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:23:15.0618 4352  wudfsvc - ok
12:23:15.0634 4352  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:23:15.0665 4352  WwanSvc - ok
12:23:15.0681 4352  ================ Scan global ===============================
12:23:15.0712 4352  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:23:15.0743 4352  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:23:15.0743 4352  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:23:15.0774 4352  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:23:15.0806 4352  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:23:15.0806 4352  [Global] - ok
12:23:15.0806 4352  ================ Scan MBR ==================================
12:23:15.0821 4352  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:23:16.0086 4352  \Device\Harddisk0\DR0 - ok
12:23:16.0086 4352  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:23:16.0492 4352  \Device\Harddisk1\DR1 - ok
12:23:16.0492 4352  ================ Scan VBR ==================================
12:23:16.0492 4352  [ D5E1856C0EFA6A4F67B56C4860834396 ] \Device\Harddisk0\DR0\Partition1
12:23:16.0508 4352  \Device\Harddisk0\DR0\Partition1 - ok
12:23:16.0523 4352  [ 3ECC364EC2E23532C4A2EFA2E606702A ] \Device\Harddisk0\DR0\Partition2
12:23:16.0523 4352  \Device\Harddisk0\DR0\Partition2 - ok
12:23:16.0539 4352  [ C5E42BC28C59997018FCA68C7E84C9FA ] \Device\Harddisk0\DR0\Partition3
12:23:16.0539 4352  \Device\Harddisk0\DR0\Partition3 - ok
12:23:16.0539 4352  [ 6FAD85D3F1427FBA87C2AFEDFA882F6C ] \Device\Harddisk1\DR1\Partition1
12:23:16.0554 4352  \Device\Harddisk1\DR1\Partition1 - ok
12:23:16.0554 4352  ============================================================
12:23:16.0554 4352  Scan finished
12:23:16.0554 4352  ============================================================
12:23:16.0554 2776  Detected object count: 4
12:23:16.0554 2776  Actual detected object count: 4
12:23:41.0733 2776  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:23:41.0733 2776  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:23:41.0733 2776  TCPSVCSd ( UnsignedFile.Multi.Generic ) - skipped by user
12:23:41.0733 2776  TCPSVCSd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:23:41.0733 2776  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:23:41.0733 2776  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:23:41.0733 2776  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
12:23:41.0733 2776  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 13.04.2013, 16:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 13.04.2013, 17:35   #9
Belzebub
 

Next log.
Thanks for your patience!

Code:
ATTFilter
ComboFix 13-04-12.02 - # 13.04.2013  18:19:39.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.8174.6581 [GMT 2:00]
ausgeführt von:: c:\users\#\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-13 bis 2013-04-13  ))))))))))))))))))))))))))))))
.
.
2013-04-13 16:23 . 2013-04-13 16:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-13 09:57 . 2013-04-13 09:57	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F77FBD1-2E27-41FD-A259-C5817F383DC8}\offreg.dll
2013-04-12 17:20 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F77FBD1-2E27-41FD-A259-C5817F383DC8}\mpengine.dll
2013-04-11 18:47 . 2013-04-11 18:47	--------	d-----w-	c:\program files (x86)\EA Games
2013-04-10 18:58 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-09 09:59 . 2013-04-09 09:59	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-04 12:44 . 2013-04-04 12:44	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2013-04-04 12:32 . 2013-04-11 14:39	--------	d-----w-	c:\users\#\AppData\Roaming\Origin
2013-04-04 12:32 . 2013-04-04 12:32	--------	d-----w-	c:\program files (x86)\Origin Games
2013-04-04 12:32 . 2013-04-04 12:32	--------	d-----w-	c:\users\#\AppData\Local\Origin
2013-04-04 12:31 . 2013-04-11 14:39	--------	d-----w-	c:\programdata\Origin
2013-04-04 12:31 . 2013-04-04 12:46	--------	d-----w-	c:\programdata\Electronic Arts
2013-04-04 12:31 . 2013-04-04 12:32	--------	d-----w-	c:\program files (x86)\Origin
2013-04-04 09:32 . 2013-04-04 12:30	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-04-03 20:13 . 2013-04-03 20:13	--------	d-----w-	c:\program files (x86)\DLLSuite
2013-03-29 12:41 . 2013-03-29 12:41	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 12:41 . 2013-03-29 12:41	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 12:41 . 2013-03-29 12:41	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 10:02 . 2013-03-19 10:02	--------	d-----w-	c:\users\#\AppData\Roaming\Sync App Settings
2013-03-19 10:02 . 2013-03-19 10:02	--------	d-----w-	c:\programdata\Sync App Settings
2013-03-19 10:01 . 2013-03-19 10:02	--------	d-----w-	c:\program files (x86)\Allway Sync
2013-03-19 09:57 . 2013-03-19 09:57	--------	d-----w-	c:\programdata\RegInOut
2013-03-19 09:53 . 2013-03-19 09:53	--------	d-----w-	c:\users\#\AppData\Local\Programs
2013-03-19 09:52 . 2013-03-19 09:52	--------	d-----w-	c:\program files (x86)\MozBackup
2013-03-19 09:17 . 2013-03-19 09:17	--------	d-----w-	c:\windows\system32\IO
2013-03-18 18:19 . 2013-03-18 18:19	--------	d-----w-	c:\users\#\AppData\Roaming\Jumping Bytes
2013-03-18 18:18 . 2011-05-13 12:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2013-03-18 18:18 . 2011-03-25 20:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2013-03-18 18:18 . 2013-03-18 18:18	119808	----a-w-	c:\windows\system32\GFilterSvc.exe~RF17f6dc.TMP
2013-03-18 18:18 . 2013-03-19 09:17	--------	d-----w-	c:\users\#\AppData\Roaming\DesktopIconForAmazon
2013-03-18 18:18 . 2013-03-18 18:18	114688	----a-w-	c:\windows\system32\tapiui64.exe
2013-03-18 18:18 . 2013-03-18 18:18	--------	d-----w-	c:\users\#\AppData\Roaming\OCS
2013-03-16 21:18 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-16 20:56 . 2013-03-16 20:56	--------	d-----w-	c:\users\#\AppData\Roaming\Ubisoft
2013-03-16 20:21 . 2013-03-16 20:21	--------	d-----w-	c:\programdata\Tages
2013-03-16 15:43 . 2013-03-16 20:50	--------	d-----w-	c:\users\#\.tuxguitar-1.2
2013-03-16 15:42 . 2013-03-16 15:43	--------	d-----w-	c:\program files (x86)\TuxGuitar
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 22:55 . 2011-11-20 00:06	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-14 09:00 . 2013-03-14 09:00	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-14 09:00 . 2012-10-12 10:16	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-14 09:00 . 2011-11-18 16:32	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 20:28 . 2012-09-24 15:36	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:28 . 2011-11-17 19:12	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2011-11-17 18:31	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-03-13 23:48	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 23:48	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 23:48	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 23:48	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 23:48	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 23:48	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 14:50	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 14:50	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 14:50	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 14:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:50	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:50	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 14:50	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 14:50	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 14:50	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 14:50	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:50	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:50	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:50	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:50	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:50	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:50	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 14:50	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 14:50	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 14:50	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 14:50	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 14:50	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 14:50	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 14:50	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 14:50	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 14:50	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 14:50	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 14:50	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 14:50	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 14:50	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 14:50	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 14:50	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 14:50	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 14:50	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 14:50	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 14:50	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 14:50	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 14:50	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 14:50	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 14:50	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 14:50	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 14:50	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 14:50	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 14:50	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 14:50	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 14:50	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 14:50	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 14:50	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 14:50	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\#\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-03 1104280]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-10-11 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\#\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2012-5-10 1643808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-29 1432400]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 20480]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-03-17 13312]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-29 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-20 279616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-29 86752]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-12-15 212256]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 7515000]
S2 TCPSVCSd;vhdmp Streaming Filter;c:\windows\system32\tapiui64.exe [2013-03-18 114688]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 552312]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-10 787968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 62434607
*Deregistered* - 62434607
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 20:28]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 23:39]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 23:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-03-08 11:51; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-19 12:03; firebug@software.joehewitt.com; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-03-19 12:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-19 12:04; {a95d8332-e4b4-6e7f-98ac-20b733364387}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF - ExtSQL: 2013-03-19 12:04; {46868735-c3fa-47ce-8ce7-cce51a66aceb}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
FF - ExtSQL: 2013-03-19 12:04; kitsuneymg@gmail.com; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\kitsuneymg@gmail.com.xpi
FF - ExtSQL: 2013-03-25 21:02; {b749fc7c-e949-447f-926c-3f4eed6accfe}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF - ExtSQL: 2013-03-25 21:04; jid1-QpHD8URtZWJC2A@jetpack; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF - ExtSQL: 2013-04-11 20:46; battlefieldheroespatcher@ea.com; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\battlefieldheroespatcher@ea.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-PunkBusterSvc - d:\games\Battlefield Play4Free\pbsvc_p4f.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5e,9d,e7,b4,ea,23,55,15,ad,c6,ca,3f,b0,04,71,0f,4a,46,67,2d,8f,
   ef,5d,60,aa,14,d1,0f,da,da,b2,0e,3b,57,d9,be,d1,c7,da,d2,4f,bc,fa,08,4e,93,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:5e,9d,e7,b4,ea,23,55,15,ad,c6,ca,3f,b0,04,71,0f,4a,46,67,2d,8f,
   ef,5d,60,aa,14,d1,0f,da,da,b2,0e,3b,57,d9,be,d1,c7,da,d2,4f,bc,fa,08,4e,93,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-13  18:25:43
ComboFix-quarantined-files.txt  2013-04-13 16:25
.
Vor Suchlauf: 12 Verzeichnis(se), 10.293.702.656 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 11.728.723.968 Bytes frei
.
- - End Of File - - 089670B29B6810CC9C9EC33B50366A49
         

14.04.2013, 15:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



ComboFix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press Windows + R --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:
    ATTFilter
    File::
    c:\windows\system32\tapiui64.exe
    
    Driver::
    TCPSVCSd
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software, because it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Don't do anything on the computer, and don't move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!

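An added example (not part of the original posts and not ComboFix's own code): a small Python check that reads a CFScript.txt and the resulting ComboFix.txt and reports whether the script was passed to ComboFix and whether each File:: and Driver:: entry appears as removed. It assumes the German log layout shown in this thread (the `Benutzte Befehlsschalter` line and the `Weitere Löschungen` / `Treiber/Dienste` banners); the function names and the sample strings are constructed for illustration.

```python
import re

# Section banners in the log look like "((((   Weitere Löschungen   ))))".
BANNER = re.compile(r"^\(+\s+(.+?)\s+\)+$")
# CFScript directives are lines such as "File::" or "Driver::".
DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")
# Header line naming the script handed to ComboFix (German log layout, assumed).
SWITCH = re.compile(r"^Benutzte Befehlsschalter\s*::\s*(.+)$", re.MULTILINE)


def parse_cfscript(text):
    """Return {directive_lowercase: [entries]} for the body of a CFScript.txt."""
    script, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            script.setdefault(current, [])
        elif current is not None:
            script[current].append(line.strip('"'))
    return script


def parse_log_sections(log):
    """Split a ComboFix log into {banner title: [lines]}, skipping '.' separators."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify_script_applied(script_text, log_text):
    """Report whether the script was loaded and whether each target shows as removed."""
    script = parse_cfscript(script_text)
    sections = parse_log_sections(log_text)
    switch = SWITCH.search(log_text)
    loaded = bool(switch and switch.group(1).strip().lower().endswith("cfscript.txt"))
    deleted = {p.lower() for p in sections.get("Weitere Löschungen", [])}
    services = [s.lower() for s in sections.get("Treiber/Dienste", [])]
    report = {"script_loaded": loaded, "files": {}, "drivers": {}}
    for path in script.get("file", []):
        report["files"][path] = path.lower() in deleted
    for name in script.get("driver", []):
        wanted = "\\service_" + name.lower()
        report["drivers"][name] = any(s.endswith(wanted) for s in services)
    return report


# Script as given in the post above.
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\tapiui64.exe

Driver::
TCPSVCSd
"""

# Constructed excerpt in the layout of a log from a run with the script.
SAMPLE_LOG = r"""ausgeführt von:: c:\users\#\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\#\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\tapiui64.exe"
.
((((((((((((   Weitere Löschungen   ))))))))))))
.
c:\windows\system32\tapiui64.exe
.
((((((((((((   Treiber/Dienste   ))))))))))))
.
-------\Service_TCPSVCSd
.
((((((((((((   Find3M Bericht   ))))))))))))
.
"""

# Constructed excerpt of a run without a script: no switch line, no deletions.
SAMPLE_LOG_NO_SCRIPT = r"""ausgeführt von:: c:\users\#\Desktop\ComboFix.exe
.
((((((((((((   Find3M Bericht   ))))))))))))
.
"""

if __name__ == "__main__":
    print(verify_script_applied(SAMPLE_SCRIPT, SAMPLE_LOG))
    print(verify_script_applied(SAMPLE_SCRIPT, SAMPLE_LOG_NO_SCRIPT))
```

A `False` for `script_loaded` means the log comes from a plain run, so the File:: and Driver:: entries were never processed and the script has to be dragged onto ComboFix.exe again.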

14.04.2013, 15:36   #11
Belzebub



I don't know whether dragging in the TXT file worked properly. Or does it not matter if ComboFix hadn't been run beforehand?

Thanks again for the help!

Code:
ATTFilter
ComboFix 13-04-14.01 - # 14.04.2013  16:21:37.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.8174.6283 [GMT 2:00]
ausgeführt von:: c:\users\#\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\#\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\tapiui64.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\tapiui64.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TCPSVCSd
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-14 bis 2013-04-14  ))))))))))))))))))))))))))))))
.
.
2013-04-12 17:20 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F77FBD1-2E27-41FD-A259-C5817F383DC8}\mpengine.dll
2013-04-11 18:47 . 2013-04-11 18:47	--------	d-----w-	c:\program files (x86)\EA Games
2013-04-10 18:58 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-09 09:59 . 2013-04-09 09:59	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-04 12:44 . 2013-04-04 12:44	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2013-04-04 12:32 . 2013-04-11 14:39	--------	d-----w-	c:\users\#\AppData\Roaming\Origin
2013-04-04 12:32 . 2013-04-04 12:32	--------	d-----w-	c:\program files (x86)\Origin Games
2013-04-04 12:32 . 2013-04-04 12:32	--------	d-----w-	c:\users\#\AppData\Local\Origin
2013-04-04 12:31 . 2013-04-11 14:39	--------	d-----w-	c:\programdata\Origin
2013-04-04 12:31 . 2013-04-04 12:46	--------	d-----w-	c:\programdata\Electronic Arts
2013-04-04 12:31 . 2013-04-04 12:32	--------	d-----w-	c:\program files (x86)\Origin
2013-04-04 09:32 . 2013-04-04 12:30	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-04-03 20:13 . 2013-04-03 20:13	--------	d-----w-	c:\program files (x86)\DLLSuite
2013-03-29 12:41 . 2013-03-29 12:41	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 12:41 . 2013-03-29 12:41	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 12:41 . 2013-03-29 12:41	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 10:02 . 2013-03-19 10:02	--------	d-----w-	c:\users\#\AppData\Roaming\Sync App Settings
2013-03-19 10:02 . 2013-03-19 10:02	--------	d-----w-	c:\programdata\Sync App Settings
2013-03-19 10:01 . 2013-03-19 10:02	--------	d-----w-	c:\program files (x86)\Allway Sync
2013-03-19 09:57 . 2013-03-19 09:57	--------	d-----w-	c:\programdata\RegInOut
2013-03-19 09:53 . 2013-03-19 09:53	--------	d-----w-	c:\users\#\AppData\Local\Programs
2013-03-19 09:52 . 2013-03-19 09:52	--------	d-----w-	c:\program files (x86)\MozBackup
2013-03-19 09:17 . 2013-03-19 09:17	--------	d-----w-	c:\windows\system32\IO
2013-03-18 18:19 . 2013-03-18 18:19	--------	d-----w-	c:\users\#\AppData\Roaming\Jumping Bytes
2013-03-18 18:18 . 2011-05-13 12:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2013-03-18 18:18 . 2011-03-25 20:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2013-03-18 18:18 . 2013-03-18 18:18	119808	----a-w-	c:\windows\system32\GFilterSvc.exe~RF17f6dc.TMP
2013-03-18 18:18 . 2013-03-19 09:17	--------	d-----w-	c:\users\#\AppData\Roaming\DesktopIconForAmazon
2013-03-18 18:18 . 2013-03-18 18:18	--------	d-----w-	c:\users\#\AppData\Roaming\OCS
2013-03-16 21:18 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-16 20:56 . 2013-03-16 20:56	--------	d-----w-	c:\users\#\AppData\Roaming\Ubisoft
2013-03-16 20:21 . 2013-03-16 20:21	--------	d-----w-	c:\programdata\Tages
2013-03-16 15:43 . 2013-03-16 20:50	--------	d-----w-	c:\users\#\.tuxguitar-1.2
2013-03-16 15:42 . 2013-03-16 15:43	--------	d-----w-	c:\program files (x86)\TuxGuitar
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 22:55 . 2011-11-20 00:06	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-14 09:00 . 2013-03-14 09:00	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-14 09:00 . 2012-10-12 10:16	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-14 09:00 . 2011-11-18 16:32	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 20:28 . 2012-09-24 15:36	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:28 . 2011-11-17 19:12	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2011-11-17 18:31	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-03-13 23:48	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 23:48	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 23:48	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 23:48	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 23:48	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 23:48	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\#\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-03 1104280]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-10-11 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\#\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2012-5-10 1643808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-29 1432400]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 20480]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-29 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-20 279616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-29 86752]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-12-15 212256]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 7515000]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 552312]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-10 787968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-03-17 13312]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 20:28]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 23:39]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 23:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\#\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\
FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-03-08 11:51; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-19 12:03; firebug@software.joehewitt.com; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-03-19 12:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-19 12:04; {a95d8332-e4b4-6e7f-98ac-20b733364387}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF - ExtSQL: 2013-03-19 12:04; {46868735-c3fa-47ce-8ce7-cce51a66aceb}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
FF - ExtSQL: 2013-03-19 12:04; kitsuneymg@gmail.com; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\kitsuneymg@gmail.com.xpi
FF - ExtSQL: 2013-03-25 21:02; {b749fc7c-e949-447f-926c-3f4eed6accfe}; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF - ExtSQL: 2013-03-25 21:04; jid1-QpHD8URtZWJC2A@jetpack; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF - ExtSQL: 2013-04-11 20:46; battlefieldheroespatcher@ea.com; c:\users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\extensions\battlefieldheroespatcher@ea.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - d:\games\Battlefield Play4Free\pbsvc_p4f.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5e,9d,e7,b4,ea,23,55,15,ad,c6,ca,3f,b0,04,71,0f,4a,46,67,2d,8f,
   ef,5d,60,aa,14,d1,0f,da,da,b2,0e,3b,57,d9,be,d1,c7,da,d2,4f,bc,fa,08,4e,93,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:5e,9d,e7,b4,ea,23,55,15,ad,c6,ca,3f,b0,04,71,0f,4a,46,67,2d,8f,
   ef,5d,60,aa,14,d1,0f,da,da,b2,0e,3b,57,d9,be,d1,c7,da,d2,4f,bc,fa,08,4e,93,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-14  16:33:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-14 14:33
ComboFix2.txt  2013-04-13 16:25
.
Vor Suchlauf: 16 Verzeichnis(se), 11.487.821.824 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 11.243.409.408 Bytes frei
.
- - End Of File - - C681811D9F5ADE06A6469429A23B569F
         

15.04.2013, 11:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan all users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.04.2013, 12:28   #13
Belzebub
 



So, here are the next logs. Thanks again! Firefox is now running stably again, as far as I can tell.

Best regards

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by # on 16.04.2013 at 12:08:09,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [File] "C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi" 
Successfully deleted: [Folder] C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\jetpack
Emptied folder: C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2013 at 12:12:27,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 16/04/2013 um 12:40:01 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : # - #-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\#\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\#\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\#\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\#\AppData\Roaming\Mozilla\Firefox\Profiles\4md1e8gj.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [846 octets] - [16/04/2013 12:40:01]

########## EOF - C:\AdwCleaner[S1].txt - [905 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 16.04.2013 12:46:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\#\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,09% Memory free
15,96 Gb Paging File | 13,78 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 9,66 Gb Free Space | 9,90% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 113,31 Gb Free Space | 30,78% Space Free | Partition Type: NTFS
Drive E: | 455,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 698,63 Gb Total Space | 6,26 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
 
Computer Name: #-PC | User Name: # | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\#\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\#\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Users\#\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (mi-raysat_3dsmax2013_64) -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 40 54 03 89 38 CE 01  [binary data]
IE - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B46868735-c3fa-47ce-8ce7-cce51a66aceb%7D:1.2
FF - prefs.js..extensions.enabledAddons: kitsuneymg%40gmail.com:1.0.6
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.203.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\#\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 19:58:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 19:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 11:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.03.19 13:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\#\AppData\Roaming\mozilla\Extensions
[2013.04.16 12:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\#\AppData\Roaming\mozilla\Firefox\Profiles\4md1e8gj.default\extensions
[2013.04.11 20:46:24 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\#\AppData\Roaming\mozilla\Firefox\Profiles\4md1e8gj.default\extensions\battlefieldheroespatcher@ea.com
[2013.03.19 13:03:32 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\firebug@software.joehewitt.com.xpi
[2013.03.19 13:04:04 | 000,006,516 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\kitsuneymg@gmail.com.xpi
[2013.03.19 13:04:04 | 000,001,736 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
[2013.03.19 13:04:04 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2013.03.25 22:02:51 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.03.19 13:03:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.21 13:18:10 | 000,009,117 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\flickr.xml
[2013.03.20 21:56:50 | 000,001,959 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\lastfm.xml
[2013.03.24 14:12:44 | 000,001,330 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\wikipedia-en.xml
[2013.03.20 01:21:24 | 000,002,057 | ---- | M] () -- C:\Users\#\AppData\Roaming\mozilla\firefox\profiles\4md1e8gj.default\searchplugins\youtube-videosuche.xml
[2013.04.12 19:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 19:58:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 19:58:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.14 16:26:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001..\Run: [Spotify Web Helper] C:\Users\#\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\#\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80653630-F768-46F0-B696-39882B31D52F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.29 13:08:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2000.09.24 21:19:57 | 000,000,063 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 12:44:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\#\Desktop\OTL.exe
[2013.04.16 12:08:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.16 12:08:03 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.16 12:07:26 | 016,059,288 | ---- | C] (Spotify Ltd) -- C:\Users\#\Desktop\windows-preview-installer.exe
[2013.04.16 12:06:43 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\#\Desktop\JRT.exe
[2013.04.14 16:27:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.13 18:18:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.13 18:18:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.13 18:18:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.13 18:18:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.13 18:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.13 18:17:22 | 005,052,676 | R--- | C] (Swearware) -- C:\Users\#\Desktop\ComboFix.exe
[2013.04.12 19:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 20:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.04.11 00:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 00:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 00:54:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 00:54:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 00:54:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 00:54:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 00:54:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 00:54:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 00:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 00:54:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 00:54:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 00:54:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 00:54:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 00:54:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 00:54:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 20:58:22 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 20:58:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 20:58:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 20:58:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 20:58:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 20:58:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 20:58:14 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 20:58:13 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 20:58:13 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 20:58:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 20:58:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 20:58:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 12:02:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\#\Desktop\tdsskiller.exe
[2013.04.09 12:00:54 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\#\Desktop\aswMBR.exe
[2013.04.09 11:59:43 | 000,000,000 | ---D | C] -- C:\Users\#\Desktop\mbar-1.01.0.1022
[2013.04.09 11:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 14:46:02 | 000,000,000 | ---D | C] -- D:\Daten\SimCity
[2013.04.04 14:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
[2013.04.04 14:44:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.04.04 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.04.04 14:32:34 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Origin
[2013.04.04 14:32:33 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Local\Origin
[2013.04.04 14:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.04.04 14:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.04 14:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.04.04 14:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.04 11:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.03 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013
[2013.04.03 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DLLSuite
[2013.03.29 14:41:32 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 14:41:32 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 14:41:32 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.23 20:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.23 15:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2013.03.20 17:47:03 | 000,000,000 | ---D | C] -- C:\Users\#\Desktop\backups
[2013.03.19 13:01:55 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Mozilla
[2013.03.19 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Sync App Settings
[2013.03.19 12:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings
[2013.03.19 12:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
[2013.03.19 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync
[2013.03.19 11:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2013.03.19 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Local\Programs
[2013.03.19 11:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2013.03.19 11:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2013.03.19 11:17:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.03.18 20:19:06 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Jumping Bytes
[2013.03.18 20:18:14 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.03.18 20:18:08 | 000,000,000 | ---D | C] -- C:\Users\#\AppData\Roaming\Opera
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.16 12:49:03 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 12:49:03 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 12:44:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\#\Desktop\OTL.exe
[2013.04.16 12:41:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.16 12:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 12:41:04 | 2133,561,343 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 12:39:18 | 000,613,083 | ---- | M] () -- C:\Users\#\Desktop\adwcleaner.exe
[2013.04.16 12:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.16 12:07:35 | 016,059,288 | ---- | M] (Spotify Ltd) -- C:\Users\#\Desktop\windows-preview-installer.exe
[2013.04.16 12:06:47 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\#\Desktop\JRT.exe
[2013.04.15 23:55:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.14 16:53:18 | 000,004,035 | ---- | M] () -- D:\Daten\# Style.style
[2013.04.14 16:26:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.14 16:15:02 | 005,052,676 | R--- | M] (Swearware) -- C:\Users\#\Desktop\ComboFix.exe
[2013.04.14 16:03:59 | 001,620,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.14 16:03:59 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.14 16:03:59 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.14 16:03:59 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.14 16:03:59 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 23:06:05 | 010,471,978 | ---- | M] () -- C:\Users\#\Desktop\Deceiver of The Gods.mp3
[2013.04.13 21:20:50 | 000,038,176 | ---- | M] () -- C:\Users\#\Desktop\Schwarzpl.dwg
[2013.04.13 12:20:21 | 000,000,512 | ---- | M] () -- C:\Users\#\Desktop\MBR.dat
[2013.04.12 23:44:44 | 000,000,234 | ---- | M] () -- C:\Users\#\Desktop\Hirnwürfel [Seite 1] - Inspektor Gadget - derStandard.at › Lifestyle.URL
[2013.04.11 09:50:40 | 003,072,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 23:01:12 | 000,032,502 | ---- | M] () -- C:\Users\#\Desktop\388687_10151395598097005_1444168604_n.jpg
[2013.04.10 12:18:43 | 000,000,309 | ---- | M] () -- C:\Users\#\Desktop\2.URL
[2013.04.10 12:18:30 | 000,000,301 | ---- | M] () -- C:\Users\#\Desktop\1.URL
[2013.04.09 14:01:13 | 000,000,226 | ---- | M] () -- C:\Users\#\Desktop\Gamification Coursera.URL
[2013.04.09 13:08:02 | 000,050,286 | ---- | M] () -- C:\Users\#\Desktop\TDSSKiller.2.8.16.0_09.04.2013_12.29.27_log.zip
[2013.04.09 12:02:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\#\Desktop\tdsskiller.exe
[2013.04.09 12:02:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\#\Desktop\aswMBR.exe
[2013.04.08 17:22:17 | 000,511,142 | ---- | M] () -- C:\Users\#\Desktop\tumblr_lxlzp7sYop1r7zo0ho1_500.gif
[2013.04.08 15:39:45 | 003,272,598 | ---- | M] () -- C:\Users\#\Desktop\miranda-im-v0.10.12-unicode.exe
[2013.04.04 00:22:45 | 000,000,214 | ---- | M] () -- C:\Users\#\Desktop\StoneSour.com.URL
[2013.04.02 17:17:13 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.29 14:41:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 14:41:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 14:41:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.29 14:35:47 | 000,001,017 | ---- | M] () -- C:\Users\#\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.19 11:52:49 | 037,593,770 | ---- | M] () -- D:\Daten\Firefox 19.0.2 (de) - 2013-03-19.pcv
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 12:39:15 | 000,613,083 | ---- | C] () -- C:\Users\#\Desktop\adwcleaner.exe
[2013.04.14 16:53:18 | 000,004,035 | ---- | C] () -- D:\Daten\# Style.style
[2013.04.13 23:05:59 | 010,471,978 | ---- | C] () -- C:\Users\#\Desktop\Deceiver of The Gods.mp3
[2013.04.13 21:20:49 | 000,038,176 | ---- | C] () -- C:\Users\#\Desktop\Schwarzpl.dwg
[2013.04.13 18:18:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.13 18:18:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.13 18:18:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.13 18:18:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.13 18:18:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.13 12:20:21 | 000,000,512 | ---- | C] () -- C:\Users\#\Desktop\MBR.dat
[2013.04.12 23:44:44 | 000,000,234 | ---- | C] () -- C:\Users\#\Desktop\Hirnwürfel [Seite 1] - Inspektor Gadget - derStandard.at › Lifestyle.URL
[2013.04.10 23:01:12 | 000,032,502 | ---- | C] () -- C:\Users\#\Desktop\388687_10151395598097005_1444168604_n.jpg
[2013.04.10 12:18:30 | 000,000,309 | ---- | C] () -- C:\Users\#\Desktop\2.URL
[2013.04.10 12:18:30 | 000,000,301 | ---- | C] () -- C:\Users\#\Desktop\1.URL
[2013.04.09 14:01:13 | 000,000,226 | ---- | C] () -- C:\Users\#\Desktop\Gamification Coursera.URL
[2013.04.09 13:08:02 | 000,050,286 | ---- | C] () -- C:\Users\#\Desktop\TDSSKiller.2.8.16.0_09.04.2013_12.29.27_log.zip
[2013.04.08 17:22:15 | 000,511,142 | ---- | C] () -- C:\Users\#\Desktop\tumblr_lxlzp7sYop1r7zo0ho1_500.gif
[2013.04.08 15:39:38 | 003,272,598 | ---- | C] () -- C:\Users\#\Desktop\miranda-im-v0.10.12-unicode.exe
[2013.04.04 00:22:45 | 000,000,214 | ---- | C] () -- C:\Users\#\Desktop\StoneSour.com.URL
[2013.03.19 13:01:52 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.19 13:01:52 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.19 11:52:24 | 037,593,770 | ---- | C] () -- D:\Daten\Firefox 19.0.2 (de) - 2013-03-19.pcv
[2013.03.18 20:23:21 | 001,009,654 | ---- | C] () -- D:\Daten\Fox_Movie_World_65.SV6
[2013.03.18 20:23:21 | 000,535,520 | ---- | C] () -- D:\Daten\Majesty Legoland 17.SV6
[2013.03.18 20:23:18 | 105,040,768 | ---- | C] () -- D:\Daten\Fonts.zip
[2013.03.18 20:23:15 | 093,151,006 | ---- | C] () -- D:\Daten\Conan_-_Monnos.7z
[2013.03.18 20:23:15 | 000,470,360 | ---- | C] () -- D:\Daten\bookmarks.html
[2013.03.18 20:23:15 | 000,058,116 | ---- | C] () -- D:\Daten\AutoSave_Untitled.skp
[2013.03.18 20:18:14 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.11.06 14:07:39 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.05.11 13:19:58 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.05.10 12:16:04 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.05.10 09:51:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.05.10 09:51:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.05.10 09:51:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.05.10 09:51:24 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.05.10 09:51:24 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.05.10 09:51:24 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.21 21:19:10 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.05 17:41:50 | 000,000,037 | ---- | C] () -- C:\Users\#\AppData\Roaming\Winamp_BackupWinamp_Backup_Integrity.winampbackup
[2011.12.19 14:47:28 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.12.18 17:01:24 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.18 17:01:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.12 01:13:39 | 000,000,400 | ---- | C] () -- C:\Windows\g_lfolqn712.ini
[2011.12.12 01:13:39 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bfrpsej167.dat
[2011.11.18 18:47:20 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2011.11.17 20:58:15 | 001,597,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.17 20:40:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 16.04.2013 12:46:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\#\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,09% Memory free
15,96 Gb Paging File | 13,78 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 9,66 Gb Free Space | 9,90% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 113,31 Gb Free Space | 30,78% Space Free | Partition Type: NTFS
Drive E: | 455,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 698,63 Gb Total Space | 6,26 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
 
Computer Name: #-PC | User Name: # | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAFD372-F733-4535-9172-8FFBD1917453}" = rport=445 | protocol=6 | dir=out | app=system | 
"{12548A41-58AC-4688-9F3C-5291C5AF171A}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{1590EFEC-41CC-45EF-A764-7749C281890E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2498CA81-C4FB-48E1-A344-07D5F2857051}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47EDF200-F5B6-4339-9DB1-2D8DEBD44F7D}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{4F2049A5-32F0-4599-BDD0-08898050BD08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52AB130B-9CBF-4C37-AC0D-EFA40F8AF825}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{563E890C-59AB-4753-A16E-056A68771F8D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{60887AD5-1D98-4DDF-891A-549CBF611E01}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{68237433-71E4-4816-B230-5F56FCE94BC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C38B0AA-1AD6-4EDC-B0A9-08249FF3F55D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6E4D52D0-5C54-44FF-A8D6-B1EA118138D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F754A2C-2BD5-4310-BA92-517BB35BB7EA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{75F1F681-93D7-47AA-B8BB-FAC25A326FCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79818E8A-AAC6-401D-B8F9-CD76BEF23309}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7DCD4572-59F5-4D80-99AC-AE221DB6BCA9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82854198-C21A-403D-9F19-5E7F89A49106}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{84C0CFAD-8477-44BB-ACF6-4ECA03969AE3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{85649610-FBBE-4539-BEA9-138954C5A9BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{900DAA92-DE92-4B44-9F7A-4FF73E8E093B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B79133C-713E-4665-A2AA-209D1DC01FD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A661C632-7D8B-4F51-9A09-F25828CFD964}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B5433370-EEDE-4411-91EC-E58EE78380CE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BA06E99F-6A55-4161-911C-8CCE820EDA4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDF3C143-97C1-4EB7-A347-855D2A0EA65C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE809C92-4C5B-42A1-9112-58FFD24F893A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BF61394D-1C5F-4A08-BD4A-9041BC7C2256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C66A866D-BB89-4E2F-9C53-18B51C45E1BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8B36F94-E8D6-46D6-92AF-A40492357485}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D03F2716-B1F5-4549-8379-BB70C8471B44}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{D1AFEDC9-6CA3-41CA-AB69-B415643E55BB}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{D4B32C4F-6E06-499B-AAAE-BCAA1F872981}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DBA75F84-4644-4605-A385-BEE2BC0C70FF}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{E24D6E83-EBF7-4E63-9009-6A9D1A0E292F}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{EB11BB99-A39D-4236-B66C-AEE5C23C5880}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED0C8042-39E8-45ED-B855-32199B9D0832}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F6CA969D-1145-4009-A8A0-8C931A4E4BDB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FA30ECA0-0A05-40AA-A4C8-C75030EA9F5F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FD44DD2B-7896-44DA-94C6-32CA5C668AEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008ACDBA-88B5-4D17-AAC9-29054E8370BF}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\5dave\day of defeat\hl.exe | 
"{0273E1A5-66B9-42F4-B6DA-18047C97D9D7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{04D21294-467F-4804-A162-D655271CEA96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{08587AE2-B4B3-4698-9613-99544FCA108F}" = protocol=6 | dir=in | app=c:\users\#\appdata\local\temp\7zsb84a.tmp\easyinst64.exe | 
"{0A0C1522-5C2D-4760-B6C9-2A1A4B984F7B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{0D1F492E-4E8E-4113-BA17-EFB15E06C9D6}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{0D1FD4E2-252F-4581-AC8D-D7F514F18057}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{0E8ED250-E191-4562-9C35-0F0A3599C38E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0F534902-B6BA-4687-BD5E-0B6E7A083680}" = protocol=17 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"{11F17D87-D8BE-48F7-B9B5-85C0BEC9D9E1}" = protocol=6 | dir=in | app=d:\games\origin\simcity\simcity\simcity.exe | 
"{1471792F-06FE-4DB8-AAD2-0D6E709447DC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{14C1486A-C563-4C42-ACC7-43AD77C8EAC1}" = protocol=17 | dir=in | app=c:\users\#\appdata\roaming\dropbox\bin\dropbox.exe | 
"{14CCF4B8-2635-45F1-A2BC-2E1311EAD80C}" = protocol=17 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"{17265453-7562-4D64-86B2-7D76B4F62B2E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{1B011913-3F88-4B83-A18A-0F43C4710B90}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{202418C7-1F28-49AF-BBE9-8177117805AA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{24647528-88D9-4303-BD9A-C7B428D0B024}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{24DA4BB3-BA47-4CFA-995C-7FD36DFF0CFC}" = protocol=6 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"{2AB162F8-FDF8-4EF3-B3BB-19A3712D6203}" = protocol=6 | dir=out | app=system | 
"{2DCC1DF7-6486-4704-B8AC-9F881E8F732E}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{2E317F64-EF51-4975-82BD-606150BE3DDF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{307E64E0-AE5D-4692-B964-8232240CCB97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{30CFD0E0-2D26-45DA-83C4-5D15F8A3DB71}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{33DEDD79-F8CA-44DB-8A24-69E02824CCB2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{354E3674-5F84-4A9B-A536-791DD5810B78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38DC5B54-F37F-434B-A952-CDEBA0D866E8}" = protocol=6 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"{3921FDDA-35B3-4136-A79D-FBD4C9EB753C}" = protocol=6 | dir=in | app=c:\users\#\appdata\local\temp\7zsa1b3.tmp\easyinst64.exe | 
"{3BB126A5-D7C0-429B-840B-B5ADE1265E9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3BC466C5-67E9-4420-98AD-059CD6B339CC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{3D42F190-5939-457A-8A7C-AD9588C5FF64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F76814D-82C5-495E-8FCC-48B7086398AD}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\5dave\team fortress 2\hl2.exe | 
"{4089B4F3-ED8B-4265-BEF0-7D40FBF2361C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{40D4700C-615E-4AF9-9DC5-691332EC7445}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{4678ED75-63D8-42E0-BE03-38268EF2E1EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{47381E2B-A33D-4228-9F36-5160F161E4F0}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{479210D6-F5C3-486C-9291-1F2F5EF507EA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{4850C64F-13EF-4050-84D6-593C43E8803A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\5dave\team fortress 2\hl2.exe | 
"{4B27C719-600F-42FD-8ED0-159ACF1E3AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{522F6EC9-D3B3-4BD6-8E06-C393C6FEB167}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52B4805A-CCF8-43D4-A104-FB233BB619C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{53651DE3-3B36-4A5A-BF53-32E6923A7922}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{54A00F0C-BCF1-4648-BEB2-6E03F1F63D5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{57F29136-5611-4BDB-B6AC-D3DC53675413}" = protocol=17 | dir=in | app=d:\games\anno 1404\anno4.exe | 
"{58F0DD74-296F-4C05-9C8F-60B28794E9BB}" = protocol=6 | dir=in | app=c:\users\#\appdata\local\temp\7zsab4b.tmp\easyinst64.exe | 
"{5BF62E22-FCE9-49ED-9817-ED3382683AA7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{5EBEF418-BB9B-4A41-818E-8BA740CBE9AC}" = protocol=6 | dir=in | app=d:\games\company of heroes\reliccoh.exe | 
"{5F07D6B2-734C-4177-A427-DCDE094931ED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{62DD6C29-0D1F-4FE7-B146-88CE23B3DE24}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{64E6648F-56AC-4E6D-9838-58B952AC07EF}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{67834B56-C184-406F-B9A1-E7DF4094D94F}" = protocol=6 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"{691A2DCB-48C6-406C-8FF8-A8C9ADFDC416}" = protocol=17 | dir=in | app=c:\users\#\appdata\local\temp\7zsab4b.tmp\easyinst64.exe | 
"{6C1A30FC-DB27-4F3E-835B-8B5078750A85}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{714DF4B8-AC7E-41E8-A3FF-6B566E97EA54}" = protocol=6 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{722D44F8-02D4-40B2-8C8A-E78964487E10}" = protocol=17 | dir=in | app=d:\games\origin\simcity\simcity\simcity.exe | 
"{7CB0721F-9012-4CC9-AB40-B05B77E42245}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D344152-7988-4027-8556-89595681EE6B}" = protocol=17 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{849F955C-C3A2-4ACA-BCAF-444F6D72D53F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{87D2B8B6-1C14-4313-B3E4-D6D02E5CFABE}" = protocol=17 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | 
"{8AE8EF8D-C143-4665-9CFB-2219562EBB18}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{8B9FFC9D-4267-40D4-914B-6224060EB629}" = protocol=17 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{8ED72352-6236-4E56-ABD3-2C7F994EB410}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{92CEE5B8-B093-43BC-8002-26166AF43652}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{94AD9E56-FEEE-4934-A951-8B051EB2DEB9}" = protocol=17 | dir=in | app=d:\games\defcon\defcon.exe | 
"{9606871B-B672-4E39-843F-5B75D588BFCB}" = protocol=6 | dir=in | app=c:\users\#\appdata\roaming\spotify\spotify.exe | 
"{960D14CD-A166-4E50-A5DF-2A9523A14335}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{963CE535-9F5E-4801-A8AF-3671EDC1DB0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{96439218-3446-416C-A023-8192156C3D23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{96A7554E-4193-48A6-9135-794AD34E15CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{988D3E00-F8A8-4957-8341-55B5F28AEC29}" = protocol=6 | dir=in | app=d:\games\defcon\defcon.exe | 
"{9ADFADC3-611F-4226-82DD-1933962D5CB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C554F64-7867-44BD-926A-5350FB5F23E3}" = protocol=17 | dir=in | app=c:\users\#\appdata\local\temp\7zsa1b3.tmp\easyinst64.exe | 
"{9C8D52FD-D5D1-4ED9-9A45-A8A635B104A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D3D0348-B76A-43C3-90FB-2828C053A673}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{A0B333D9-79D8-40A5-BB5B-7F7CE7E4B986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3193B29-6673-44D6-8AD0-AB4F8B9BBA99}" = protocol=17 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"{AB6F3F14-AFB3-4537-AE42-D6EDE977E499}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC42405A-534E-4B97-9BA0-D82906845AC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AD762EEF-39AE-480F-B1D1-2AEF0767A4D1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AECFA2FC-6653-4B33-85EB-8E1737AB2FFF}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{B282007A-EA46-44E9-99C6-9E08273EA956}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{B60A709C-0ED9-428F-9B95-32D0A7FB4AEF}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{B84772ED-0A28-49DB-9F27-64B8AAD05D95}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B85DBAA0-A521-48BE-99EA-B61E2719FD5E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{BD5A55E4-43D5-4F1A-9799-0D78FA99F926}" = protocol=6 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | 
"{C5EC9DD2-2969-47B4-8C6A-6F46194017E7}" = protocol=17 | dir=in | app=d:\games\company of heroes\reliccoh.exe | 
"{C6E75C2C-BC16-4229-A8CC-CABA66ACE89F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{C6EE8D3C-A079-4159-BE81-8EB0DC96FE96}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{C764A5B0-142A-4B28-AB4A-EC9B9F5D05FB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{C850C463-82BD-48DE-B857-2DC77FE5AF7B}" = protocol=6 | dir=in | app=c:\users\#\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CD592509-F0F4-43C4-B8E0-66FA2FE2CDF9}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{CE310789-75EF-4E4C-84EA-5B0892460971}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CFBBD1CC-63B0-49A3-ACDF-98761B3E1E7C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{D0E42CF9-8B1D-47AC-9A1F-D742E63D36E2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D1671D62-7AD8-4530-A7FE-448BF07B7E27}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{D2FE1F8F-534F-488B-BB5A-ACE83E0B4EE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D53834C4-2AC6-4799-80DF-CE3F59B9EBF4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D5E22FFE-8CC3-45F1-A36D-550FFD5838BF}" = protocol=6 | dir=in | app=d:\games\anno 1404\anno4.exe | 
"{DA7545A6-D927-4CE2-BF93-A0D18CDD6E14}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{DC187D1E-4147-4E37-BD5C-AA64658EB229}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC772A82-9870-474F-AB96-C53DA0481B11}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{DD559201-F0D0-44C7-8C87-E1EC64B8EC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{DF1A0FFD-9B72-49AB-9872-18012B5A10D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1A8FF4A-15A6-406A-B6F1-55244AF24ABD}" = protocol=17 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"{E1FADC08-F115-498A-88AB-F39E36126787}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E222F174-D8FE-4A2D-BCAD-915ED6693124}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3B45BE5-C099-4262-92DB-9E31ED54E302}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{E46C155C-82AC-4725-BAB3-43075E43192D}" = protocol=6 | dir=in | app=d:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"{E6CB7C86-15EB-47A9-B213-CDD2D3158CC5}" = protocol=17 | dir=in | app=c:\users\#\appdata\local\temp\7zsb84a.tmp\easyinst64.exe | 
"{E7832A39-BD8B-49C4-AAE5-A0FB6CD7A176}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{EE8677E8-B497-4840-B7DB-4EEEEB245093}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{F395AA01-E884-4179-91C0-946657807AE5}" = dir=in | app=c:\program files (x86)\the bit studio\synctunes desktop\synctunes.exe | 
"{F984BF96-6ADC-4439-95F3-F87B57A1A2E3}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{F9C65BBF-D139-4F3B-B08B-9ADFC9875313}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\5dave\day of defeat\hl.exe | 
"{FBC10221-5BDA-4B38-AF50-18C7432D9DA9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"TCP Query User{0095A125-4EC6-4E1E-A7FE-BD5AA2E56292}G:\games\multiplayer\call of duty\codmp.exe" = protocol=6 | dir=in | app=g:\games\multiplayer\call of duty\codmp.exe | 
"TCP Query User{021209B3-BFD8-417B-B973-474742589A8F}D:\games\left4dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\left4dead 2\left4dead2.exe | 
"TCP Query User{03DC74EF-8E20-494B-A10C-43BD878B9E0F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{0759ED40-BC4E-4D50-AC5A-1BD710DB16F8}D:\games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"TCP Query User{0C80CCCD-F122-4B01-90B8-0F2A16F3748D}D:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{0CD36FCD-77C5-40A3-BF3E-A7805EA9EB99}D:\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{0D8A585B-2320-499A-8601-5FB7413B3DE9}D:\games\call of duty\codmp (2).exe" = protocol=6 | dir=in | app=d:\games\call of duty\codmp (2).exe | 
"TCP Query User{1CCB2C0D-11D5-47CE-8A95-3BEC56D36505}D:\games\steam\steamapps\5dave\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\5dave\team fortress 2\hl2.exe | 
"TCP Query User{3A979192-D99B-4BF1-8143-71729ACB2C46}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{4294A731-9E8D-4F6A-8EDE-8FF6B7E1F96D}D:\games\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\games\day of defeat source\hl2.exe | 
"TCP Query User{4760A9F5-0D84-4F67-9684-D58C3FEB151C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{4F6F1FDD-4B34-49AA-A94A-2E692E400F46}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{6CC32321-CDC6-403C-9E75-1B10C5ACC1E0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{74E50359-CAC1-4049-AE1F-98329F8D9CFF}D:\games\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=d:\games\flatout 2\flatout2.exe | 
"TCP Query User{7B3CA050-97ED-43E7-8E1F-AA7AFFABA0CC}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{7CF4D801-26B3-4393-A940-09AF0991E5FC}D:\games\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\games\left4dead\left4dead.exe | 
"TCP Query User{8376E4B6-36A7-4C11-9CBA-D650379587A2}D:\games\call of duty\codmp.exe" = protocol=6 | dir=in | app=d:\games\call of duty\codmp.exe | 
"TCP Query User{90D6DCDE-9052-488E-92B5-6962C6EB6A35}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{A22722A1-7BD6-4CDB-B620-19FEC6312C1E}D:\games\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\games\anno 1701\anno1701.exe | 
"TCP Query User{A7AAEA6F-0F85-4B2A-AD09-60F994BB11E6}D:\games\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\games\counter-strike 1.6\counter-strike 1.6\hl.exe | 
"TCP Query User{A7E88A75-316A-49B0-AFF0-23A6C2549288}C:\program files\artlantis render 4\qtsocketserver.exe" = protocol=6 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"TCP Query User{B47C65F0-AB82-4355-ABC1-E37A3872B308}D:\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\counter-strike source\hl2.exe | 
"TCP Query User{CEE7552F-C5B7-4140-ACDE-A2B2C1686DE9}D:\games\defcon\defcon.exe" = protocol=6 | dir=in | app=d:\games\defcon\defcon.exe | 
"TCP Query User{F08FEB1C-E9C7-4502-B8BA-37740D7A52B6}G:\games\multiplayer\call of duty\codmp (2).exe" = protocol=6 | dir=in | app=g:\games\multiplayer\call of duty\codmp (2).exe | 
"UDP Query User{0667B88E-AF60-40BA-B050-3CBEB7BA4468}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{1B72F74A-9489-46FB-9F5E-85E0ADF77324}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{234B1E64-B622-444E-94B8-23402721DC26}G:\games\multiplayer\call of duty\codmp (2).exe" = protocol=17 | dir=in | app=g:\games\multiplayer\call of duty\codmp (2).exe | 
"UDP Query User{23EC61A1-570C-43BE-B801-0B05A2C37884}C:\program files\artlantis render 4\qtsocketserver.exe" = protocol=17 | dir=in | app=c:\program files\artlantis render 4\qtsocketserver.exe | 
"UDP Query User{2B8488C0-DA09-431C-A672-5CFCC9B2C6A4}D:\games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=d:\games\battlefield play4free\bfp4f.exe | 
"UDP Query User{2DED3371-4D01-450D-B829-D3D003076BEE}D:\games\call of duty\codmp (2).exe" = protocol=17 | dir=in | app=d:\games\call of duty\codmp (2).exe | 
"UDP Query User{3C63EE2B-EA97-414C-98AD-24856EBF95CA}D:\games\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=d:\games\flatout 2\flatout2.exe | 
"UDP Query User{530F1923-BCC3-4184-9072-F7F667260EAC}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{5B73F878-B429-40DE-BCFD-199152A5812B}D:\games\defcon\defcon.exe" = protocol=17 | dir=in | app=d:\games\defcon\defcon.exe | 
"UDP Query User{5F40CF64-D7C5-4B44-8C1C-3A81AC160AE1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6D320456-BBBF-4F99-B05D-D695AA762C66}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{7CF4B7FC-7B95-4881-9937-510E6CCAFDB1}D:\games\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\games\counter-strike 1.6\counter-strike 1.6\hl.exe | 
"UDP Query User{80651B89-1395-4AF1-BEF4-1179171EF159}D:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{A7245F21-AC03-47B4-877D-959AAF679E31}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{AA8C0DEA-E343-45BA-A848-D8BA1A242926}D:\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\counter-strike source\hl2.exe | 
"UDP Query User{AC1FA569-5776-444D-8452-1DE11CA27C61}D:\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{AFDDB22E-6510-4D21-9481-40D7C41B43A1}D:\games\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\games\day of defeat source\hl2.exe | 
"UDP Query User{B2AA9C71-485B-4237-9D9C-AF77450DBA31}D:\games\left4dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\left4dead 2\left4dead2.exe | 
"UDP Query User{C455D1C6-3ED8-4889-914C-727F30E92E38}D:\games\steam\steamapps\5dave\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\5dave\team fortress 2\hl2.exe | 
"UDP Query User{C8D4B33C-E44E-4955-B27C-AE7607B9749C}D:\games\call of duty\codmp.exe" = protocol=17 | dir=in | app=d:\games\call of duty\codmp.exe | 
"UDP Query User{D1968150-E083-457B-95C9-B76AEDD73ED8}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{D5646934-5CC4-4DBF-819B-66514A11E6D7}D:\games\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\games\left4dead\left4dead.exe | 
"UDP Query User{EB9A34B9-45B6-4DED-A25E-0D3980CD45D2}D:\games\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\games\anno 1701\anno1701.exe | 
"UDP Query User{EFC65DD0-527D-42C6-8F36-0F2F5F6BE9C2}G:\games\multiplayer\call of duty\codmp.exe" = protocol=17 | dir=in | app=g:\games\multiplayer\call of duty\codmp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7346B4A0-1200-0111-0407-705C0D862004}" = Revit Architecture 2012 Language Pack - Deutsch
"{7346B4A0-1300-0510-0407-705C0D862004}" = Revit 2013
"{7346B4A0-1300-0511-0407-705C0D862004}" = Revit 2013 Language Pack - Deutsch
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Autodesk Revit 2013" = Autodesk Revit 2013
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Wacom Tablet Driver" = Wacom Tablett
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66FDDF31-084D-49D7-99C2-0D3FE8A27763}_is1" = Dungeon Keeper Complete Collection
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6DC61284-C3F6-4628-96E2-9B07DDEAD672}_is1" = The Secret Of Monkey Island Special Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885843E7-6CAC-4791-B7BF-1CD516017954}_is1" = DLL Suite 2013
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_954" = Adobe Acrobat 9.5.4 - CPSID_83708
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 Evaluation
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Allway Sync_is1" = Allway Sync version 12.3.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Autodesk Content Service" = Autodesk Content Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bridge Building Game" = Bridge Building Game
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defcon_is1" = Defcon v1.5 de rtl
"Episode 1" = Back to the Future The Game - Episode 1
"FileZilla Client" = FileZilla Client 3.6.0.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"LDraw2012-01" = LDraw All-In-One-Installer 2012-01
"MiniLyrics" = MiniLyrics
"Miranda IM" = Miranda IM 0.10.12
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoLimits Coasters full" = NoLimits Coasters 1.8 (remove only)
"Notepad++" = Notepad++
"OpenTTD" = OpenTTD 1.2.1
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0
"Steam App 10" = Counter-Strike
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 218" = Source SDK Base 2007
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 55230" = Saints Row: The Third
"Steamless Left4Dead Pack" = Steamless Left4Dead Pack
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"UnPowerItNow_is1" = UnPowerIt Now! 1.06
"VLC media player" = VLC media player 1.1.11
"VMware_Player" = VMware Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"xampp" = XAMPP 1.7.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3838352072-3511492804-1055561887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Episode 2" = Back to the Future The Game - Episode 2
"Episode 3" = Back to the Future The Game - Episode 3
"Episode 4" = Back to the Future The Game - Episode 4
"Episode 5" = Back to the Future The Game - Episode 5
"Network Addon Mod" = Network Addon Mod 31
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 16.04.2013 06:42:31 | Computer Name = #-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.04.2013 06:42:31 | Computer Name = #-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 16.04.2013 06:42:31 | Computer Name = #-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         

16.04.2013, 12:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - before you do, please remember to update Malwarebytes via the update button.

Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


22.04.2013, 16:36   #15
Belzebub
 
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
         
That's all ESET spat out the other day...

Thanks for the help!

Regards
