HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b
Good evening
Two days ago, Avira Free Antivirus raised an alarm on my computer and reported the following virus:
HTML/ScrInjec.BW.50
It was found in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b
I use Windows 8. However, Windows 7 is also still installed on my computer (on a different hard disk). My own files are also split across two partitions (files and videos/photos).
I found nothing useful on Google about HTML/ScrInjec.BW.50. I then moved the virus into quarantine with Avira. After that I also uploaded it to virustotal.com and then put it back into quarantine. At virustotal, 4 of the 43 virus scanners flagged it. Unfortunately I no longer have the link to the result.
Now I am very unsure whether the computer is still infected or not. So I then ran a full scan with Malwarebytes. It found one infected object. Should I attach the log file?
Furthermore, I ran the scan with OTL as requested; here are the results:
OTL.txt Code:
OTL logfile created on: 19.02.2013 21:32:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\** **\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
7.92 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.11% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 157.47 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.22 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 111.34 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive M: | 1.82 Gb Total Space | 1.79 Gb Free Space | 98.01% Space Free | Partition Type: NTFS
Computer Name: **S-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
PRC - [2013.02.13 14:22:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.13 14:21:35 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.13 14:21:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.07 22:30:02 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\** **\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.01 09:26:44 | 002,024,960 | ---- | M] (Michel Krämer) -- C:\Program Files (x86)\Spamihilator\spamihilator.exe
PRC - [2012.12.20 20:31:04 | 000,373,760 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.19 00:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010.08.24 09:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.01 09:26:45 | 000,279,040 | ---- | M] () -- C:\Program Files (x86)\Spamihilator\sqlite3.dll
MOD - [2013.01.01 09:26:45 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Spamihilator\zlib1.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.05.21 18:14:50 | 000,149,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe -- (msvsmon110)
SRV - [2013.02.13 14:22:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.13 14:21:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.09 10:38:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.10.19 00:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.10.08 19:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.06.07 16:24:23 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.01.05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.03.11 20:18:02 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2009.03.11 20:16:38 | 000,656,896 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2012.07.26 14:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2012.07.24 10:39:42 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 B7 BC A2 60 EA CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 10:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 10:38:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.11.11 14:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Extensions
========== Chrome ==========
CHR - homepage: hxxp://www.google.ch/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\** **\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Session Manager = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: Turn Off the Lights = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: YouTube = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\
CHR - Extension: Download Master = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\2.0.2.0_0\
CHR - Extension: Google Reader = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKCU..\Run: [Spotify] C:\Users\** **\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\** **\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\** **\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E636EAB-DEAB-47B8-9E5D-203EA345D793}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE13D9F8-7CC3-4B02-B657-E6D38F5AAB4F}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.19 21:29:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2013.02.19 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\MigWiz
[2013.02.17 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Malwarebytes
[2013.02.17 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.17 18:42:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.17 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Nuance
[2013.02.17 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.16 22:42:20 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Internet Explorer
[2013.02.15 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\** **\Valley
[2013.02.15 15:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2013.02.15 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2013.02.13 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Avira
[2013.02.13 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.13 14:25:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 14:25:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 14:25:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.12 14:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2013.02.12 14:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.02.12 14:33:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.02.12 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Canon
[2013.02.08 11:13:41 | 045,673,536 | ---- | C] (Information Factory AG) -- C:\Users\** **\ptw12.exe
[2013.02.07 22:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.01.24 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2013.01.24 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013.01.24 21:07:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.01.24 21:07:29 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.01.24 21:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series
[2013.01.24 19:59:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.01.24 19:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013.01.24 19:54:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013.01.24 19:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.24 14:35:15 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Private Tax
[2013.01.24 14:34:16 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Information Factory
[2013.01.24 14:34:16 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\Information Factory
[2013.01.24 14:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Tax
[2013.01.24 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Private Tax 2012
[2013.01.22 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Batch PDF Decrypt
[2013.01.22 22:29:31 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\IsolatedStorage
[2013.01.22 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SysTools PDF Unlocker
[4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.19 21:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.19 21:30:41 | 000,000,000 | ---- | M] () -- C:\Users\** **\defogger_reenable
[2013.02.19 21:28:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.02.19 21:28:56 | 2507,448,319 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 21:25:34 | 000,374,784 | ---- | M] () -- C:\Users\** **\Desktop\GMER_2.1.18952.exe
[2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2013.02.19 21:22:42 | 000,050,477 | ---- | M] () -- C:\Users\** **\Desktop\Defogger.exe
[2013.02.19 20:35:00 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001UA.job
[2013.02.19 18:44:48 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.19 18:44:48 | 000,828,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.19 18:44:48 | 000,774,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.19 18:44:48 | 000,188,018 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.19 18:44:48 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.18 22:35:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001Core.job
[2013.02.17 18:42:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.17 09:42:24 | 000,319,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 15:58:32 | 001,065,984 | ---- | M] () -- C:\Users\** **\AppData\Local\file__0.localstorage
[2013.02.15 15:48:33 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.13 14:25:17 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.08 13:04:25 | 000,089,969 | ---- | M] () -- G:\Eigene Dokumente\tausendfüssler.html
[2013.02.08 11:28:48 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk
[2013.02.08 11:14:15 | 045,673,536 | ---- | M] (Information Factory AG) -- C:\Users\** **\ptw12.exe
[2013.01.29 21:19:56 | 000,004,472 | ---- | M] () -- G:\Eigene Dokumente\testdatabase.odb
[2013.01.29 18:31:37 | 000,002,937 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.html
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif
[2013.01.29 18:31:36 | 000,000,905 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif
[2013.01.29 18:18:36 | 000,030,720 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.pdf
[2013.01.24 17:51:41 | 000,001,058 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.22 22:29:24 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Batch PDF Decrypt.lnk
[4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.19 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\** **\defogger_reenable
[2013.02.19 21:29:37 | 000,374,784 | ---- | C] () -- C:\Users\** **\Desktop\GMER_2.1.18952.exe
[2013.02.19 21:29:37 | 000,050,477 | ---- | C] () -- C:\Users\** **\Desktop\Defogger.exe
[2013.02.17 18:42:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.17 09:42:21 | 000,319,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 20:29:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.15 15:49:11 | 001,065,984 | ---- | C] () -- C:\Users\** **\AppData\Local\file__0.localstorage
[2013.02.15 15:48:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.13 14:25:17 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.08 13:04:25 | 000,089,969 | ---- | C] () -- G:\Eigene Dokumente\tausendfüssler.html
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif
[2013.01.29 18:31:36 | 000,000,905 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif
[2013.01.29 18:31:35 | 000,002,937 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.html
[2013.01.29 18:18:35 | 000,030,720 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.pdf
[2013.01.29 17:59:11 | 000,004,472 | ---- | C] () -- G:\Eigene Dokumente\testdatabase.odb
[2013.01.24 21:08:26 | 000,013,056 | ---- | C] () -- C:\Windows\SysWow64\CNC174AD.TBL
[2013.01.24 15:39:14 | 000,000,818 | ---- | C] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saison 2013.lnk
[2013.01.24 14:27:35 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk
[2013.01.22 22:29:24 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Batch PDF Decrypt.lnk
[2012.12.22 16:46:13 | 001,882,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.05 16:04:12 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.11.13 17:49:35 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.11 14:06:43 | 000,007,605 | ---- | C] () -- C:\Users\** **\AppData\Local\Resmon.ResmonCfg
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[2013.01.19 13:42:42 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.05 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Apowersoft
[2013.01.22 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Batch PDF Decrypt
[2013.02.12 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Canon
[2013.02.19 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Dropbox
[2012.12.19 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\e-academy Inc
[2013.01.24 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Information Factory
[2013.01.13 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\LyX2.0
[2012.11.20 21:38:42 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Notepad++
[2013.02.17 16:11:21 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Nuance
[2012.11.11 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\OpenOffice.org
[2013.01.19 12:11:30 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Origin
[2013.02.19 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Spamihilator
[2013.02.19 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Spotify
[2012.12.03 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Steganos
[2012.12.21 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Stellarium
[2012.11.17 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\TeamViewer
[2012.11.11 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Thunderbird
========== Purity Check ==========
< End of report >
extras.txt Code:
OTL Extras logfile created on: 19.02.2013 21:32:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\** **\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
7.92 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.11% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 157.47 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.22 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 111.34 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive M: | 1.82 Gb Total Space | 1.79 Gb Free Space | 98.01% Space Free | Partition Type: NTFS
Computer Name: **S-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0156CC-1BD5-4338-8F5C-C469531C072E}" = lport=138 | protocol=17 | dir=in | app=system |
"{0EF64744-4ECA-401B-B42A-20D951EDFE60}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CFC6199-04DC-4E26-BFD5-F9A451454C35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FFCFFFA-B51B-4E47-9143-310E543479B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21AF5A53-AED0-4465-995A-E85BF2CEEF49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E730B60-5FA6-4C84-9435-AD59CC1905EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3415F9CA-F65A-4BF8-8B44-A1C6F0CD78C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{386F563D-83A2-4CEE-8E16-848222850A73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DEC5D15-A115-4008-B985-0440CA21843F}" = lport=445 | protocol=6 | dir=in | app=system |
"{4A75EC33-9AAC-4EAE-B7E1-E96F2F30D9EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5555CAC0-C4A8-4DB0-A0E3-67354B86B1F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79A1A42E-24A4-43EC-9E72-FC627758E1AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{88BAE950-47A4-499C-9171-5C55044665C0}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{8B42C9CD-8B93-4D84-AE02-1B6E30924D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90152997-E307-43FF-BB7C-FDD4430138AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{970FB209-4424-4484-8CB0-BE5C8950F8E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{A34B0D0C-5D39-4899-B33E-42B9CFC665CD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C370217D-7437-453A-9812-8ACC2FA91CC6}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB7633F0-BCF9-49E4-A831-152DF9F80AF4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6383789-04EB-41E1-A1FA-FCC5F0D26CC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F750C3F1-ACCF-4184-9AE8-CCC75B30C080}" = rport=137 | protocol=17 | dir=out | app=system |
"{FFB8DC12-2194-4F4E-A4AC-6DC77A451390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0400CD16-0A01-408D-B0AA-12C7C1A0CCBA}" = dir=out | name=search.ch |
"{06F404EB-463A-4A33-AB1D-DCE2FD53BDE6}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe |
"{0A99520E-DA62-4515-BA1B-B43ED06DC302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F656C5A-7536-479C-9A6E-61F03C17579B}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{14256438-6A95-4382-B3CF-AF2273C11C98}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{165147DB-B144-4EBE-BA4B-DCC746632824}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{168A0286-B960-4CE8-AC60-5BA19DD6ACB7}" = dir=out | name=onenote |
"{16D13CFD-DFFC-4C5B-8E5A-6EAC118E33AE}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{17E14C19-F914-4DE2-9393-E3A586C36341}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1DD746C2-7DCA-40AD-ADCC-F81AE3CA643E}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{2088B70E-3BDA-4D43-816C-5607B36A9C51}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe |
"{28ECFE5F-687C-4591-B47D-6AD1D53BD583}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2A888A1D-A5D0-4C97-AF38-C233AC1D6884}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BF66853-9ED6-40BE-A564-5F9CE0700420}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe |
"{2D26DAF6-9A8A-4CDB-B018-FF56D8DD98F0}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{2E1CC82F-E270-4DD3-8C92-0A7BA64367CA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3056B10A-76B4-4AC4-91BE-B5AD3CBF293A}" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\dropbox\bin\dropbox.exe |
"{30E6473C-1B7D-48F2-9CA7-E91D1FEAEB5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{314BB11D-8144-4CB6-9D4C-D33877D72EAA}" = dir=out | name=@{pons.wrterbuch_1.4.0.39_neutral__sj9sp7dbkxx8m?ms-resource://pons.wrterbuch/resources/display_name} |
"{320DC909-24AA-4551-A3D5-E8EC55B78374}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"{35CEA768-DE42-48E3-BA87-247CC0B31BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{387E2009-B01D-4452-B935-C7D289C277A3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{3C5240AD-5811-410C-B1A6-2AA9415E994B}" = dir=out | name=lightning timer |
"{3FF31916-DAC9-4888-86D7-E9E4DE8CB359}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{446B51CA-7D4E-4A0A-A46B-60CB1FD84DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{44C5BCD1-B306-45FA-A961-69FBF4E185B8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{48F9BDBF-5FC1-4D8C-9B04-7C1E4F7E0E71}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{49808C1C-1829-4E4E-9A62-4CA5C1F6D6F7}" = dir=in | name=onenote |
"{49CD620D-C63F-4038-B5AF-771AA94F78B8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4E6BC844-3A54-4A78-AE69-309588223886}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{517E1212-2CF4-47A2-A83C-5160AD6D871A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5875A9A6-7EC0-4B5C-A18F-BDD7E9BEBD73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4CC1A3-D854-4250-B919-A952256EDAB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA00D3E-1CDF-4E06-ABFA-A2E5AFA49612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{634247FB-1EC8-48E5-B0B6-33327573F68A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{659B81FA-3A44-4FD3-ABFF-0598D8F36E27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65AAA41C-097A-418B-8A69-6534837FA1AD}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{6D83B832-1F0F-4C71-9279-A974EBCAC090}" = dir=out | name=tagi-news |
"{6FE701B5-A4B4-450C-BDAE-C897CE641593}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe |
"{7189BFF9-F7AE-4333-A629-64536842024F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D6A703E-A22A-432C-B20F-381C615419CC}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{7DDC3E75-AFFF-4CBE-806A-0164FA589AE4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{7FB905C2-5F4C-46BD-8029-7A3609D79027}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F52B9D-1BEB-4042-BFCF-88BD6A7F4095}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8824C4B1-5428-4E01-91E9-BF81C754A718}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8B5F35D9-608F-4E7A-9430-CDDDC58B8AAA}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{8C0377A9-66D9-4A42-92D1-F7AB5050E569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E0D2484-391F-4A89-B6E2-0875E5758334}" = dir=out | name=canon inkjet print utility |
"{92F75B6D-62FF-4324-A93C-6CE3FA7587D9}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe |
"{9D14D3DF-C15A-4464-9849-6BC8280442D0}" = dir=out | name=wikipedia |
"{A36B9A79-6E03-45DD-9427-2501A81DF464}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AB0F63B6-8F3C-4EE8-B83F-F0B867BF56DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AFDEC594-1189-4BA6-8E06-BAE4CB1B0A49}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B08F5149-5703-44E8-ADD3-A827CD5109BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B3012288-6DD3-4461-A5E2-6FA2D8ED4123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B47B43B6-7A04-4B31-B0BF-3F4EEFC215A8}" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\dropbox\bin\dropbox.exe |
"{C4DC9694-3E66-4BB4-9346-B74712554E66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBC25E8D-8CD4-436E-A092-E7A2C0D16297}" = protocol=6 | dir=out | app=system |
"{CBD8AB40-B882-4569-9380-32288A1EBA70}" = dir=out | name=zattoo live tv |
"{CF6655A1-A111-459D-A416-DAB5161D39BB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DBA526E9-8CFA-4BB8-BB40-1AC639239BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD9569C1-84CA-403F-AD90-523303C4B042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E02041B5-E708-480A-9F78-087623E07D99}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe |
"{E32543DF-DB41-4373-B396-FEBE391D0388}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EFA5CAB9-F92B-4762-8460-DD2E57AFF7FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4B50D65-9E75-471D-9BC6-27352A3B1C29}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"{FA78BCFA-AD28-4BCE-873E-16408A168043}" = dir=out | name=swiss phone book |
"{FD62C578-04BE-45C9-8FD7-DCC9D1F4F15F}" = dir=out | name=cut the rope |
"{FF51A4FD-51A6-4A9E-8993-902212BEE34B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFC0BEF7-CB3C-4995-83FD-556C27828141}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"TCP Query User{0B02FC0E-D50F-4D2B-84F0-7D107CF8147B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{1D4FBF0C-19D2-4678-AFF3-1668D38656CE}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"TCP Query User{294DCE27-7DE2-4077-93F5-55C96F53C455}D:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{323CC57D-7D93-45C6-880E-503C60E5D4BC}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"TCP Query User{51A64849-E672-4A7A-8B54-9F57AADE27CB}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C766B9F0-754D-48E3-950F-885ECB377E87}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{14339A0C-C842-4264-A19F-656479B72EFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1452CF19-620F-4C7C-B532-457371C4EB47}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"UDP Query User{33B95583-DBCD-4CD4-B3EC-1ED7A7568654}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe |
"UDP Query User{404C5273-7161-4575-B48C-A336697E4E84}D:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{82E71039-E722-430E-AF4A-0191F7EB5FA5}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DD548ADC-FDCC-4C0A-A9FE-F9217A8D17C9}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}" = PlayReady PC Runtime amd64
"{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64)
"{4DD6FB52-0704-4B46-B74E-8010084F33FC}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client
"{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU
"{988D34CA-25EC-3FDD-95E9-04EE09BC2C85}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A0D450C6-07C4-40C7-8D2B-840565E91987}" = Spamihilator 1.5.0 (64-Bit)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AB980FC0-2070-43DC-A985-2B1F8F7852F1}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC- DEU
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BF58CE95-2DDC-3EE3-A538-71A7646B0EBE}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64)
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{ED1EBD88-D341-321A-BB22-52D7E703E316}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Stellarium_is1" = Stellarium 0.11.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{094D6E27-97CC-447E-8660-56F75CFC1E00}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" = Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{247a1070-c6e4-426b-af1d-5c7942d3ee06}" = Remotetools für Visual Studio 2012 RC
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}" = Spamihilator 1.5.0 (32-Bit)
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2ED1FE3E-B0C5-3990-A966-3B3999F63B38}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66efbe1c-fcf5-4623-93f6-1ae2445aff93}" = Microsoft Visual Studio Professional 2012
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A79E320-5BCA-4A0F-A83B-D2D9783C7D53}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E8AC67A8-BC7D-4541-A13E-88F6DD2AB3DB}" = Microsoft Visual Studio 2012-Vorbereitung
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"6753-7911-9438-6061" = Private Tax 2012 2.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"FreePDF_XP" = FreePDF (Remove only)
"LyX2051" = LyX 2.0.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Star Trek Online" = Star Trek Online
"TeamViewer 7" = TeamViewer 7
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.02.2013 09:38:11 | Computer Name = **s-PC | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.9.136.9 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 944 Startzeit:
01ce092596f71553 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Berichts-ID:
6f650958-7519-11e2-be79-50e5494291c5 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 12.02.2013 09:41:21 | Computer Name = **s-PC | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.9.136.9 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 99c Startzeit:
01ce0926362b3117 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Berichts-ID:
dff4cde0-7519-11e2-be79-50e5494291c5 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 12.02.2013 11:51:58 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384,
Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften
Prozesses: 0xbc4 Startzeit der fehlerhaften Anwendung: 0x01ce092ba5db1112 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\RPCRT4.dll Berichtskennung: 21c2e626-752c-11e2-be79-50e5494291c5
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 14.02.2013 04:36:28 | Computer Name = **s-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ wurde nicht innerhalb
der vorgesehenen Zeit gestartet.
Error - 15.02.2013 08:27:39 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xd0c Startzeit der fehlerhaften Anwendung: 0x01ce0b5b40d12560 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 15831ca8-776b-11e2-be79-50e5494291c5
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 17.02.2013 05:04:14 | Computer Name = **s-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde
nicht innerhalb der vorgesehenen Zeit gestartet.
Error - 17.02.2013 08:56:12 | Computer Name = **s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$ROFOSPA.exe".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 17.02.2013 08:56:13 | Computer Name = **s-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$RR4UA00.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Error - 17.02.2013 08:56:13 | Computer Name = **s-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$RO4ZCDP.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Error - 17.02.2013 11:11:27 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: natspeak.exe, Version: 11.50.100.39,
Zeitstempel: 0x4dea2dff Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871,
Zeitstempel: 0x4fee6073 Ausnahmecode: 0x40000015 Fehleroffset: 0x0005beae ID des fehlerhaften
Prozesses: 0xfd8 Startzeit der fehlerhaften Anwendung: 0x01ce0d2109fc584b Pfad der
fehlerhaften Anwendung: D:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\natspeak.exe
Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll
Berichtskennung:
4c70e97d-7914-11e2-be7b-50e5494291c5 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
.\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
959 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
-32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 19.02.2013 11:41:52 | Computer Name = **s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 19.02.2013 11:42:43 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 19.02.2013 16:28:16 | Computer Name = **s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 19.02.2013 16:29:15 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ System Events ]
Error - 12.02.2013 10:10:56 | Computer Name = **s-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "G:" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x200000000898c. Der Name der Datei ist "\.Trash-999".
Error - 12.02.2013 10:10:56 | Computer Name = **s-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "G:" wurde eine Beschädigung
erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
Die Dateireferenznummer ist 0x200000000898e. Der Name der Datei ist "\.Trash-999\files".
Error - 13.02.2013 16:56:29 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
40.
Error - 13.02.2013 16:56:30 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
40.
Error - 13.02.2013 16:56:33 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
40.
Error - 15.02.2013 13:54:19 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 17.02.2013 04:42:29 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 19.02.2013 03:54:27 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 19.02.2013 11:42:36 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 19.02.2013 16:29:04 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
After that I also ran the scan with GMER. There, however, I only ticked C:\ on the right, i.e. the Windows 8 system drive. In Avira I deactivated the real-time scanner; I did not manage to switch it off completely (I tried via Task Manager, but it did not work). I have attached the anonymized result as a file, because the post would otherwise be too long.
Kind regards
Edit: I have also submitted the file to Avira; the result can be found here:
https://analysis.avira.com/en/status?uniqueid=NY1XbWJ7I14gdD1QbJ9dxF8GtCKfC2OW&incidentid=1373002