Log analysis and evaluation: Links to Clickcompare

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Links to Clickcompare

Good evening,

for some time I have had the problem that some words on web pages are underlined and redirect to the site clickcompare. Through a Google search I became aware of the Trojaner Board, because it was the only site that knew solutions. I have not done anything so far, because my virus scanner (Avira Free Antivirus) had nothing to complain about, but at some point it started to bother me.

I am not very knowledgeable about such things, but I tried to go through the page "For everyone seeking help! What do I need to consider before opening a thread?". There were problems with GMER. I have attached the error message. My virus scanner could not be switched on again afterwards. :-(

Many thanks in advance for the help!

Best regards,
Lima

Code:
ATTFilter OTL logfile created on: 26.05.2013 19:03:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lima\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,86 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 64,59% Memory free 11,73 Gb Paging File | 9,23 Gb Available in Paging File | 78,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,56 Gb Total Space | 254,66 Gb Free Space | 60,55% Space Free | Partition Type: NTFS Drive D: | 25,47 Gb Total Space | 21,03 Gb Free Space | 82,59% Space Free | Partition Type: NTFS Computer Name: LIMA-PC | User Name: Lima | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.26 19:00:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lima\Downloads\OTL.exe PRC - [2013.05.26 18:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Lima\Downloads\Defogger.exe PRC - [2013.05.08 06:45:36 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe PRC - [2013.04.22 09:40:54 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe PRC - [2013.04.22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) 
-- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe PRC - [2013.03.20 13:20:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.20 13:19:43 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe PRC - [2013.01.18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe PRC - [2013.01.17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2013.01.10 09:22:13 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.11.01 17:05:52 | 000,536,216 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe PRC - [2012.10.17 11:29:54 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.10.17 11:29:40 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.10.06 04:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.07 04:04:19 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2012.06.13 16:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe PRC - [2012.04.16 09:17:10 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.04.16 09:17:06 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.04.16 09:17:02 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.04.16 09:16:54 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.27 13:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.23 05:24:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.20 16:08:36 | 000,066,608 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe PRC - [2012.02.17 03:35:18 | 001,876,992 | ---- | M] (LENOVO) -- C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe PRC - [2012.02.05 20:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.12.13 11:23:04 | 000,158,880 | 
---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.12.09 15:45:00 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2011.12.08 11:12:40 | 000,291,272 | ---- | M] () -- C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe PRC - [2011.01.28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2013.05.26 18:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Lima\Downloads\Defogger.exe MOD - [2013.05.16 06:30:12 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013.05.16 06:30:12 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.16 06:16:19 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.16 06:16:07 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.16 06:16:02 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.16 06:16:00 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.16 06:15:56 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.16 06:15:53 | 000,982,528 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.01.10 22:19:50 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.10 22:19:31 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 09:24:24 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:24:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 09:24:08 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 09:24:06 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 09:24:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2013.01.10 09:22:13 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.11.01 19:00:38 | 002,025,624 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll MOD - [2012.11.01 17:05:52 | 000,536,216 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe MOD 
- [2012.11.01 14:47:14 | 008,748,696 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll MOD - [2012.11.01 14:47:00 | 002,950,296 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll MOD - [2012.11.01 14:46:50 | 000,308,376 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll MOD - [2012.11.01 14:46:48 | 004,070,040 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll MOD - [2012.11.01 14:46:36 | 001,710,232 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll MOD - [2012.11.01 14:46:34 | 001,596,568 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll MOD - [2012.11.01 14:46:34 | 000,320,664 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll MOD - [2012.11.01 14:46:20 | 000,135,832 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll MOD - [2012.11.01 14:46:16 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll MOD - [2012.10.17 11:30:24 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.10.06 04:14:14 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.08.07 04:04:19 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2011.12.08 11:12:40 | 000,291,272 | ---- | M] () -- C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe MOD - [2011.06.28 08:28:38 | 000,042,496 | ---- | M] () -- C:\PROGRA~2\Lenovo\LENOVO~2\QTKB.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.06 13:55:34 | 000,123,952 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\SysNative\BootShieldSvc.exe -- (BootShieldSvc) SRV:64bit: - [2010.12.17 10:46:34 | 000,198,784 | 
---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup) SRV - [2013.04.22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService) SRV - [2013.03.20 13:20:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.20 13:19:43 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.10.17 11:29:40 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.04.16 09:17:10 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.04.16 09:17:06 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.04.16 09:17:02 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.04.16 09:16:54 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.03.07 02:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.25 00:23:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.23 05:24:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.20 16:08:36 | 000,066,608 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe -- (LenovoSmartConnectService) SRV - [2012.02.05 20:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.12.13 11:23:04 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files 
(x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2011.12.13 11:06:38 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.20 13:20:27 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.20 13:20:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.20 13:20:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.01.03 13:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2012.12.10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2012.12.07 18:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2012.10.17 11:13:38 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.10.17 11:11:38 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.07 13:18:56 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.08.07 04:10:08 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2012.08.07 04:10:08 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2012.05.31 17:06:50 | 002,811,904 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.04.16 17:18:18 | 000,031,536 | ---- | M] (Lenovo Corporation") [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootShield.sys -- (BootShield) DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.23 05:24:00 | 000,030,016 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.02.17 19:28:56 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.02.16 09:28:38 | 000,061,744 | ---- | M] (Lenovo Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BootShieldfltr.sys -- (BootShieldfltr) DRV:64bit: - [2012.02.06 12:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv) DRV:64bit: - [2012.02.01 10:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.01.13 00:03:36 | 000,008,192 | ---- | M] (TODO: <Company name>) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LAD.sys -- (LAD) DRV:64bit: - [2012.01.05 08:26:18 | 000,085,080 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.12.15 00:25:40 | 000,958,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2011.12.13 11:15:22 | 000,290,464 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.12.13 11:14:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.12.13 11:14:20 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.12.13 11:14:04 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.12.13 11:13:50 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.12.13 11:13:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.12.13 11:13:18 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.12.13 11:13:04 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.12.06 13:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.12.05 10:05:26 | 001,600,128 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.11.10 14:40:26 | 000,401,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.10 09:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.10.10 09:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.11.02 18:16:50 | 
000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=hp&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.4.0 FF - prefs.js..extensions.enabledAddons: 
foxyproxy-basic@eric.h.jung:3.1.4 FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.11 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&installDate=19/05/2013&q=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "proxy.th-wildau.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.th-wildau.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.th-wildau.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.th-wildau.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files 
(x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) 
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 00:29:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.01 00:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Extensions [2013.05.21 21:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions [2013.05.19 11:34:53 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2013.05.10 12:01:46 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\foxyproxy-basic@eric.h.jung [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.04.17 17:36:05 | 000,005,429 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.05.09 11:35:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.19 11:34:26 | 000,002,433 | ---- | M] () -- 
C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\searchplugins\Web Search.xml [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (PriceGong - Price Comparison) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll (PriceGong) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Programme\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe (LENOVO) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Intelligent Touchpad] C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe () O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital) O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKLM..\RunOnce: [awde7zip23650] File not found O4 - Startup: C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02894572-44C7-4E89-8C98-263869B65AD4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{10851bfb-bc4a-11e2-9f4f-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{10851bfb-bc4a-11e2-9f4f-74e543cc020d}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{a4086250-3be8-11e2-a649-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{a4086250-3be8-11e2-a649-74e543cc020d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{bf674641-b6d2-11e2-ae66-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bf674641-b6d2-11e2-ae66-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true O33 - MountPoints2\{e4bf3ff7-bfde-11e2-a765-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{e4bf3ff7-bfde-11e2-a765-74e543cc020d}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{f25d2647-6628-11e2-b84f-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{f25d2647-6628-11e2-b84f-74e543cc020d}\Shell\AutoRun\command - "" = E:\start.exe /auto O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.26 18:56:17 | 000,000,000 | ---D | C] -- C:\Users\Lima\Local Settings [2013.05.26 18:56:15 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.05.26 18:56:15 
| 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker [2013.05.19 12:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.05.19 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\HTC One S [2013.05.19 11:46:58 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\MyPhoneExplorer [2013.05.19 11:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong [2013.05.19 11:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong [2013.05.19 11:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013.05.19 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2013.05.18 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Outlook [2013.05.18 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\HTC [2013.05.18 21:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2013.05.18 21:43:33 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\HTC [2013.05.18 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2013.05.18 21:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2013.05.18 21:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2013.05.18 21:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2013.05.18 21:41:55 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Downloaded Installations [2013.05.18 21:36:27 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.16 19:31:27 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\Neuer Ordner [2013.05.14 06:12:37 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Research In Motion [2013.05.14 06:12:36 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Research In Motion [2013.05.14 06:11:08 | 000,044,544 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys [2013.05.14 
06:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry [2013.05.14 06:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion [2013.05.08 06:46:00 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Western_Digital_Technolog [2013.05.05 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital [2013.05.05 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital [2013.05.05 18:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.05.05 18:04:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads [2013.05.05 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.26 18:58:39 | 000,000,000 | ---- | M] () -- C:\Users\Lima\defogger_reenable [2013.05.26 18:56:15 | 000,001,180 | ---- | M] () -- C:\Users\Lima\Desktop\Check for Updates.lnk [2013.05.26 18:32:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.26 18:32:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.26 18:31:27 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.26 18:31:27 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.26 18:31:27 | 000,655,090 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2013.05.26 18:31:27 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.26 18:31:27 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.26 18:25:32 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.26 18:25:18 | 000,372,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.26 18:25:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 15:52:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.24 15:52:21 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.19 11:53:57 | 001,641,654 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.19 11:32:58 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.05.14 06:11:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2013.05.14 06:11:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2013.05.14 06:10:58 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013.05.08 06:45:44 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 18:02:55 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk [2013.05.05 18:02:36 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk [2013.05.04 17:20:06 | 000,000,121 | ---- | M] () -- C:\Users\Lima\Desktop\Neue Internetverknüpfung.url [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.26 18:58:39 | 000,000,000 | ---- | C] () -- C:\Users\Lima\defogger_reenable [2013.05.26 18:56:15 | 000,001,180 | ---- | C] () -- C:\Users\Lima\Desktop\Check for Updates.lnk [2013.05.24 15:52:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.24 15:52:21 | 000,025,185 | ---- 
| C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 19:59:36 | 000,001,171 | ---- | C] () -- C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.19 11:32:58 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.05.14 06:11:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2013.05.14 06:11:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2013.05.14 06:10:58 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013.05.05 18:36:55 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.05 18:02:55 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk [2013.05.05 18:02:36 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk [2013.05.04 17:19:54 | 000,000,121 | ---- | C] () -- C:\Users\Lima\Desktop\Neue Internetverknüpfung.url [2013.04.13 18:17:26 | 000,000,063 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.09 18:21:38 | 000,000,133 | ---- | C] () -- C:\Users\Lima\AppData\Roaming\AbsoluteReminder.xml [2012.12.12 15:42:58 | 000,004,608 | ---- | C] () -- C:\Users\Lima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.05 12:01:29 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012.11.30 18:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.08.07 04:04:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll [2012.08.07 04:04:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll [2012.08.07 04:04:26 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll [2012.08.07 04:04:26 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll [2012.08.07 04:04:16 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll [2012.08.07 04:02:18 | 001,641,654 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.07 03:46:30 | 000,001,950 | ---- | C] () -- C:\Windows\vm332Rmv.ini [2012.08.07 03:46:30 | 000,001,950 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini [2012.03.12 04:00:49 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.12 04:00:43 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.03.12 04:00:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.12 04:00:32 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.08 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Amazon
[2013.02.22 22:53:45 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Babylon
[2013.04.10 11:43:36 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Canon
[2013.05.26 18:26:25 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Dropbox
[2012.12.19 09:26:24 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\e-academy Inc
[2013.05.26 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\HTC
[2012.11.30 18:33:40 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Leadertech
[2013.05.26 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\MyPhoneExplorer
[2013.05.18 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Outlook
[2013.05.14 06:13:10 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Research In Motion
[2012.12.01 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Western Digital
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 26.05.2013 19:03:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lima\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,86 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 64,59% Memory free
11,73 Gb Paging File | 9,23 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 254,66 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 21,03 Gb Free Space | 82,59% Space Free | Partition Type: NTFS
Computer Name: LIMA-PC | User Name: Lima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open]
-- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E25C303-3F46-4861-89D6-F3FC554F4A8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform 
(ssdp) | "{0E33E162-F32C-46C8-8C16-97A975C6B163}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{1773DF9D-DC9F-4065-B10D-7B7830297E67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{497DCA40-FE8A-4751-BB8B-D3A6B381272C}" = rport=137 | protocol=17 | dir=out | app=system | "{4A6AA537-1257-48F8-904D-AF1677FE32D8}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{57ED3142-7568-4BFD-9F7B-07D92363EAF7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{64BCC032-A3C1-4342-A9CC-1085A936B42F}" = lport=2869 | protocol=6 | dir=in | app=system | "{658B8B1E-39F1-4EEA-A267-A0AFB9C27B0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F588A40-E95D-4575-8357-04F8F88C2631}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70B2E7C6-4BF2-4848-A392-522569FC550E}" = lport=10243 | protocol=6 | dir=in | app=system | "{771994CF-D450-47DA-A9C4-6BA542BDD3CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B7EAFAB-B95F-4D4E-8043-7DEA449B6DA2}" = lport=137 | protocol=17 | dir=in | app=system | "{86440D3B-6E86-4841-9401-EFA59581DC47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8BE989E3-6179-4E88-AA9F-59AFB7471D52}" = rport=138 | protocol=17 | dir=out | app=system | "{8C8089CA-CEDD-400E-AA39-754CC6EF6124}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{8DCC8DC9-D127-40E7-B6E8-D23247DE656C}" = lport=445 | protocol=6 | dir=in | app=system | "{96867D2F-13C3-40F8-B1C0-5F52495A18ED}" = rport=10243 | protocol=6 | dir=out | app=system | "{9E32BFD6-C744-4D6E-99C6-3BCA16D3738C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{A3BF08E5-9CE8-4047-B4DC-6648BDF653D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A684099A-8343-4943-974B-3CBC7548CCF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC964D3A-2B95-43B0-811C-D57B8DA0761D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B0C66970-4AEF-4055-B96B-AA7D1CB93CF6}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{B220E529-4E9B-4190-BE9C-CADA4E613AB7}" = rport=139 | protocol=6 | dir=out | app=system | "{BA69C307-A650-4344-BF80-35B93FBA25EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4D81935-13B0-421D-97D8-3DEBC64EABE1}" = lport=138 | protocol=17 | dir=in | app=system | "{D44290D8-7B96-46AC-A2E2-1A5422A734B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D89D4BCD-88DD-4745-9341-424A2A39061F}" = lport=139 | protocol=6 | dir=in | app=system | "{F340092D-C0D6-47EC-8FBF-016365384717}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{F548BF32-D195-4B94-83E4-3CD182FCE365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD99A8AA-A122-45A3-A728-3EA8686CBD41}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{091C2D43-0EA1-4286-B6B7-E5A775BF9D0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0D8B5CA6-82ED-4C9B-AC9F-548F4BBBC8EC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{18F43A58-D120-4E70-B799-ACBE27BAA37F}" = protocol=17 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{1CC60F45-C9FB-4D45-B2D4-E0913AD69174}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{2239A0AF-4286-405D-BB83-4283768F7DEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25C96FD3-65F8-4DEE-B9E8-5B970B5A9C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48FF034E-ACC4-4F79-93AB-1D79A70D6641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{50ECD31A-CD16-4F05-BD8D-0B0A2597BE3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{52399B1D-F48E-4516-B809-008751AFED9F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{65304ADC-0475-4C14-ABE5-AFCC31A5293B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{66A7C4F7-696C-4762-9D90-B3B1464E3635}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{66D03B45-E1D4-4526-B8D0-4061C7590246}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{69B2F912-3BA3-4466-AA9D-54C8D1E14BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{69DAC5FE-81C3-41EA-B72D-570929F3472B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6BD7A343-1303-4919-9A7C-CD058327FF7F}" = protocol=17 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe | "{6DC38FF4-D28E-4F0F-88C0-DBE3961B1E81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{75F3D00B-4823-4397-BF37-EB20325249EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7DDEF40C-E3EB-4A9C-BC31-614601C845ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8873E082-F6CE-435F-9260-BEBF30B3862C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9296D1A2-7035-446C-A074-4C2A0246085B}" = 
dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{956924ED-5DD3-4D83-9FAB-8ECD7F4788AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9639C388-CD66-42A8-A4AF-4F0299A79E90}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{A21E4F2F-584B-42C2-AF8E-5B4A879A25FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A970E38D-1059-410F-A048-D49D7768CFF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A98F016D-0016-4677-8554-640B1B4A91DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AEC01BAE-3EF9-41B5-ACB9-19484514C472}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B0F50AF4-B96E-4FC6-BAD9-A7D24DD2F7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{B82965C3-F95D-47B4-94E9-26D0A5E13F24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BEABFB44-1EC4-496C-8813-2E4A88AB60C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DF918321-FA91-4ABF-BF27-706A69E85000}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E102B04B-BF6F-4465-9066-DD5A7D4B8336}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E292904D-25C2-44D9-A719-5369F31CE94D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E46BEDE8-7EA6-4E19-930E-6D7B6EEF4874}" = protocol=6 | dir=out | app=system | "{F6D3B39E-035F-43A5-9000-99620C6CDBD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F73FE742-BD68-49C2-9C48-F296A27DBC30}" = protocol=6 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{08C57763-E83E-4ACC-A5F8-9AF96E0D5225}C:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | 
app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{A848053E-90F9-4512-9C2E-993F64F30842}C:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver "{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{83E68458-AF28-4CA4-8AFC-595A10307290}" = LenovoDrv_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.93 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.93 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = 
NVIDIA Optimus 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}" = WD SmartWare "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "5E61CDC4058A17FE9BE3046B1846F3118CD618B1" = Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2) "99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{07C70C1E-E746-482A-82F9-943F024708CF}" = Alcor Micro USB Card Reader "{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer 
Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program "{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}" = Lenovo Smart Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{439A51F7-84B1-4603-BEC8-647EB2AC307F}" = WD Drive Utilities "{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = BootShield "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{6737F045-A91A-4177-9C8C-59460FC1C84D}" = t@x 2013 Professional "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = WD Security "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing 
Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows 
Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1 "{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad "3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AmUStor" = Alcor Micro USB Card Reader "Avira AntiVir Desktop" = Avira Free Antivirus "bi_uninstaller" = Bundled software uninstaller "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1 "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DPP" = Canon Utilities Digital Photo Professional 3.10 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "FilesFrog Update Checker" = FilesFrog Update Checker "GeldProfi_is1" = GeldProfi 2.11.1 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de) "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MPE" = MyPhoneExplorer "MyCamera Download Plugin" = 
CANON iMAGE GATEWAY MyCamera Download Plugin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PriceGong" = PriceGong 2.6.11 "SugarSync" = SugarSync Manager "VeriFace" = VeriFace "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). 
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.). Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328 Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.). [ Cisco AnyConnect Secure Mobility Client Events ] Error - 26.05.2013 12:27:26 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp Line: 371 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 26.05.2013 12:27:26 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 26.05.2013 12:27:26 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 
67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 26.05.2013 12:30:30 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 26.05.2013 12:30:30 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 26.05.2013 12:30:30 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ OSession Events ] Error - 
01.04.2013 08:20:03 | Computer Name = Lima-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 219 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 23.05.2013 14:23:13 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom mfewfpk Error - 24.05.2013 00:18:19 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom mfewfpk Error - 24.05.2013 07:59:40 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom mfewfpk Error - 24.05.2013 15:26:34 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error - 25.05.2013 10:07:58 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error - 26.05.2013 04:52:14 | Computer Name = Lima-PC | Source = DCOM | ID = 10010 Description = Error - 26.05.2013 04:53:37 | Computer Name = Lima-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 26.05.2013 11:53:42 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom mfewfpk Error - 26.05.2013 11:55:36 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Blackberry Device Manager" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
Error - 26.05.2013 12:25:24 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

< End of report >