| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter SystemcheckWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.03.2013, 20:56
| #1 |
 |  SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Trojaner-Board User, seit dieser Woche funktioniert mein Windows Explorer nicht mehr richtig. Er stürzt immer schon ab, wenn ich links in der Ordnerstruktur nur das Kontextmenü aufrufe. Weitere Aktionen sind nicht möglich. Da ich eine .iso auslesen wollte, habe ich Deamon Tools Lite installiert. Dies habe ich nun wieder deinstalliert. Problem mit dem Explorer ist aber geblieben. Ich werde Euch mal alles posten, was ich dazu habe. Sollte etwas fehlen, bitte ich um Hinweise, wie dies zu posten ist. Anschließend würde ich gern ein Systemcheck machen und somit erfahren ob noch alles clean ist. Hinweise: Bei Schritt 1 und 2 habe ich KIS mitlaufen lassen. Bei Schritt 3 nicht. Nach den Checks fuhr mein PC nicht mehr herunter. WIN 7 Ultimate x64 Da ich schon Erfahrung in diesem Board sammeln konnte, weiß ich, was die Helfer hier für eine Arbeit leisten und möchte mich schon einmal vorab bedanken.  PC-System: Code:
ATTFilter Betriebssystem
Microsoft Windows 7 Ultimate 64-bit SP1
CPU
Intel Core i7 930 @ 2.80GHz 45 °C
Bloomfield 45nm Technologie
RAM
6,00 GB Trippel-Kanal DDR3 @ 534MHz (8-8-8-20)
Motherboard
ASUSTeK Computer INC. Rampage II Extreme (LGA1366) 29 °C
Grafik
H243HX (1920x1080@59Hz)
1535 MBGeForce GTX 580 (ASUStek Computer Inc) 35 °C
Festplatten
119GB OCZ-VERTEX4 ATA Device (SSD)
932GB SAMSUNG HD105SI ATA Device (SATA) 25 °C
466GB SAMSUNG HD503HI ATA Device (SATA) 22 °C
1863GB SAMSUNG HD204UI ATA Device (SATA) 22 °C
Optische Laufwerke
TSSTcorp CDDVDW SH-S223C ATA Device
Audio
High Definition Audio-Gerät
Firewall Aktiviert
Display Name Kaspersky Internet Security
Antivirus
Antivirus Aktiviert
Display Name Kaspersky Internet Security
Virus Signature Database Up to date
Internet Explorer
Version 10.0.9200.16521
PowerShell
Version 3.0
Java
Java Runtime Environment
Pfad C:\Program Files (x86)\Java\jre7\bin\java.exe
Version 7.0
Aktualisieren 17
Build 02
Code:
ATTFilter Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2dfec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000504aa
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0x01ce26497952eecc
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung: b97fcbd6-923c-11e2-afac-e0cb4e977cc1
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:21 on 21/03/2013 (OXOMOXO)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 21.03.2013 19:29:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,56% Memory free 11,98 Gb Paging File | 9,78 Gb Available in Paging File | 81,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,21 Gb Total Space | 17,06 Gb Free Space | 14,31% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 131,69 Gb Free Space | 28,27% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 24,15 Gb Free Space | 2,59% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 153,68 Gb Free Space | 8,25% Space Free | Partition Type: NTFS Drive H: | 7,60 Gb Total Space | 6,89 Gb Free Space | 90,72% Space Free | Partition Type: FAT32 Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.21 19:12:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt\OTL.exe PRC - [2013.02.26 19:18:28 | 008,347,272 | ---- | M] (AceBIT GmbH) -- C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.16 21:39:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.08.31 14:55:12 | 003,491,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.10.08 23:05:09 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.08 22:27:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.05 16:03:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.17 17:26:54 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.16 21:39:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.08.31 14:55:12 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.06.28 19:48:10 | 005,924,712 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.06.28 19:47:40 | 001,133,392 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011.11.15 17:44:36 | 002,155,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector) SRV - [2011.10.08 23:05:09 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.11.16 21:41:04 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.11.16 21:41:04 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.09.30 17:36:25 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.09.30 17:36:25 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.08.31 14:55:13 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.08.31 14:55:10 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.08.02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.06.16 20:25:30 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.06.16 20:21:51 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.06.16 20:21:49 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr) DRV:64bit: - [2012.06.16 20:21:48 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.06.16 20:21:48 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv) DRV:64bit: - [2012.04.25 22:26:25 | 000,072,480 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.07 17:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.22 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.01.29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.08.26 10:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs) DRV:64bit: - [2009.08.26 10:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV:64bit: - [2009.08.26 10:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 08 42 BD 42 F2 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{06147D0B-3E6D-4F2B-9E14-73283861B7B1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3266822E-E7AC-4C78-8D31-B5C47706CED5}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{35EEE4DB-B189-452C-99FE-714F13F28999}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{6AEF6E0A-71D1-4D6F-B13F-3AE1249E62CC}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=&search={searchTerms} IE - HKCU\..\SearchScopes\{96706323-4C6D-4ECA-B5A5-F54664802C08}: "URL" = hxxp://www.google.at/search?q={searchTerms} IE - HKCU\..\SearchScopes\{B49B91C3-ECC9-410B-B47E-E11BDA4787BD}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr" FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: flashkiller%40joli.clic:1.3 FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8.1 FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.5.48.1 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.4.0 FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.4.3 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1211 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7 FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.http: "193.27.209.200" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2013.03.04 00:17:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M] [2011.07.21 06:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Extensions [2013.03.21 16:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions [2013.02.22 15:29:23 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.03.15 23:07:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.08.01 23:33:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.01.14 17:58:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2013.02.23 21:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.12.14 23:42:54 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com [2012.05.16 19:49:14 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\fb_add_on@avm.de [2013.03.03 15:25:40 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.03.05 18:36:15 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\anticontainer@downthemall.net.xpi [2011.07.22 10:56:05 | 000,120,125 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\dtaScheduler@forboden.com.xpi [2012.07.06 22:04:24 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\elemhidehelper@adblockplus.org.xpi [2013.02.23 16:26:05 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\firebug@software.joehewitt.com.xpi [2011.07.22 04:56:50 | 000,028,950 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\flashkiller@joli.clic.xpi [2013.03.03 15:25:38 | 000,389,938 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013.02.10 14:10:53 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\stealthyextension@gmail.com.xpi [2013.01.29 17:31:23 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.03.07 21:57:08 | 000,348,483 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011.07.22 04:56:50 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.02.09 20:50:48 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi [2012.02.26 14:44:28 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2013.03.03 22:14:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.14 23:42:51 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.21 16:19:21 | 000,014,044 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013.02.14 11:45:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.29 20:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.09.15 15:54:58 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.03.02 15:27:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.12.11 18:26:03 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2011.07.22 10:58:38 | 000,001,632 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\firefox-add-ons.xml [2012.08.31 16:16:02 | 000,002,492 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\ixquick-https.xml [2011.07.22 10:58:26 | 000,004,140 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\youtube.xml [2013.03.08 22:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 22:27:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.04 00:17:30 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES (X86)\ACEBIT\PASSWORD DEPOT 6\FIREFOX [2012.12.20 21:03:42 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.03.08 22:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.01.10 20:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.10 20:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.10 20:08:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.10 20:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.10 20:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.10 20:08:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH) O4 - Startup: C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4D7B0E-AD50-43C6-9EDB-1996E49EC5B7}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D70B23B1-6204-418A-8226-B226FD078D91}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{4daec8cf-db36-11e0-8035-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4daec8cf-db36-11e0-8035-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{c5424ebd-c287-11e1-930e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c5424ebd-c287-11e1-930e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.16 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite [2013.03.16 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.03.11 22:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.08 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.07 23:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.03.07 23:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.03.07 23:15:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.03.07 23:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.03.07 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\REINER SCT [2013.03.07 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REINER SCT [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.21 19:21:16 | 000,000,000 | ---- | M] () -- C:\Users\OXOMOXO\defogger_reenable [2013.03.21 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.21 16:35:35 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.21 16:35:35 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.21 16:35:35 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.21 16:35:35 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.21 16:35:35 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.21 16:34:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 16:34:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 16:27:04 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.21 16:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 19:40:38 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.13 19:40:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.07 23:24:13 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.07 23:15:13 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.03.07 19:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2013.03.04 00:17:31 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk [2013.03.03 14:54:56 | 000,001,061 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.21 19:21:16 | 000,000,000 | ---- | C] () -- C:\Users\OXOMOXO\defogger_reenable [2013.03.21 16:26:55 | 000,416,312 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.13 19:40:38 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.13 19:40:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.07 23:15:13 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.03.07 23:15:13 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.03.07 19:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2012.06.19 17:45:09 | 000,004,096 | -H-- | C] () -- C:\Users\OXOMOXO\AppData\Local\keyfile3.drm [2012.02.23 23:53:04 | 000,003,584 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.18 02:23:17 | 000,007,641 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\Resmon.ResmonCfg [2011.10.08 23:05:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.08 23:05:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.27 13:29:02 | 000,017,408 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\WebpageIcons.db [2011.07.21 03:55:21 | 001,598,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.25 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\0D0DF0F8-33DA-4F9A-8791-81826EF95299 [2012.08.31 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\180CBDF2-BDFE-4255-B540-A0F91E7E97D7 [2012.08.31 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\3545EE28-CA30-4ECE-BEA7-F23E1F4175B6 [2012.06.16 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\96A33D06-B081-4822-B1D5-0C631334C615 [2011.07.25 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\AceBIT [2012.04.25 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Acronis [2012.09.26 22:57:28 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\aignes [2012.08.31 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\BB8443C7-C4A5-4787-ABD1-B0C794216D2D [2013.03.18 17:24:22 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite [2013.03.21 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Dropbox [2012.11.29 01:56:50 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoft [2012.04.07 14:11:27 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.30 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\FireShot [2012.02.17 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\FreePDF [2011.07.21 05:12:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Leadertech [2012.11.11 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\onOne Software [2012.05.06 13:19:16 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\PreSonus [2013.01.14 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\qualys [2012.12.28 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\six-updater [2012.12.28 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\six-zsync [2011.07.21 07:06:19 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Sony [2013.02.17 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\TS3Client [2011.08.20 01:00:59 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\ts3overlay [2012.12.24 17:33:07 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\TuneUp Software [2012.11.01 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.03.2013 19:29:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,56% Memory free
11,98 Gb Paging File | 9,78 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 17,06 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 131,69 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 24,15 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,68 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
Drive H: | 7,60 Gb Total Space | 6,89 Gb Free Space | 90,72% Space Free | Partition Type: FAT32
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1C1AA-46B6-4A6A-A57B-773ABB67B316}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B35B5A4-04C9-4F53-BAE0-80F94BDA32DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1089ACE5-0CCD-4D11-8F23-4644EEB90C59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1D450791-D779-4B5C-95B7-5088A16A2DEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B7AD6D9-8652-4A49-B018-509CC3FCD9B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34A65425-95F4-456F-A0A7-C87C8FBA5073}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B5E083F-CFDD-43DD-BBAD-E58DA707661D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BB8A7B9-CF0B-4371-BC4E-A4715C9CDBC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E5631B1-99C2-4BDC-AD2E-C37B1ECDA0EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{576ECA21-1C46-4B74-9116-80E21302E766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6037C601-55B2-4AD7-8C92-9B0F0A894CF3}" = rport=137 | protocol=17 | dir=out | app=system |
"{603CAD2D-429F-48BD-972F-1427FE3BECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68F918A2-F7F4-4741-B0E4-E9ED7A997011}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87198B0D-E93E-4E80-9499-415A95ABEFA2}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F5BAC88-D2C2-4C28-8DCF-6624F56C12A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99111059-5DAD-483B-B5CC-0B5DA5EC3AA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE0A8CBB-3BC7-4A5C-9317-740151C2675F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1563398-039F-4A23-BF87-E0B177F26DA1}" = rport=139 | protocol=6 | dir=out | app=system |
"{CD05E012-345A-4BE8-BE12-5CFC1A514F17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CE64A1AB-6E74-4368-A3D1-371E0BC8249F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7062837-CB90-40C3-BF61-09DB7C665F13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E73EE358-F6C8-4C23-98D7-75F05B954C59}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC97A9-1044-49D6-A8B8-4AD5CA24548B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe |
"{034EA0EA-15EC-4713-A7BE-6C56F5F19624}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe |
"{03824658-E6E2-4F3C-B88E-902F32CD7C42}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe |
"{065276C8-0B29-4943-8CB0-9CF77252DA4A}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe |
"{074D4541-AAA1-46DC-89AE-D14B0636323F}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{08B29CBC-2EA3-4CDD-B0CD-1C2EB1B5F6DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A8E9838-8429-46FE-8CAC-A2F0E892E18C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E1CB3BE-3C2D-43B5-8BAC-BEBF14BB994D}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe |
"{0E96AD09-83A9-48EF-8A97-9087BF8B7877}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe |
"{114EDCEE-9B6A-44DC-9F32-8B3A1E6FD820}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe |
"{13EDB007-FEF7-4A32-8721-8ED09F72BF2C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{1589933C-91E3-46F7-A405-DB97CEC695BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe |
"{196B796F-1855-4D67-AFBC-1718487CF7A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{19F103EA-469D-41BB-A840-25C00327DAF7}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{1C336387-FD25-4C99-AF75-D9D00D20C212}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{1D0D58FE-8761-42B7-AF86-97D32002356B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{1D4A32D1-8E88-435F-854F-D7065144712B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{204FA3F0-2C5B-4AB6-8EA9-64CF95936255}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{2458B340-DF35-4331-B311-ACA81B79CBD6}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe |
"{24E1908C-3BC4-4352-AE78-A3F45EF5604C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe |
"{29A5FDAB-E5BC-43EA-87A6-0553AB99928B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{29A73764-3868-4BAF-9323-24C4095D1265}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe |
"{2C9F2368-E4E1-48D8-B681-D8C4DB5B3441}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe |
"{2EAE3536-12C1-4A89-B538-1FFDD514460D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe |
"{34378499-5CEA-43E9-9F40-606224B0E0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{34901DEE-A30A-480A-8DAD-F3B09492F62A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{35AFC599-C634-4421-A07F-4FBE4A800186}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38EB59C9-F2B5-4DCD-A006-FA584382D73F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3ABB0BF7-AFFB-41AA-A673-313B3D348D22}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe |
"{3CB0939E-632A-44AD-857E-5BAA9E7DB73F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{3E483AB0-C0A9-4216-851C-1989F8AA8DD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{41074FE4-A061-4ED9-8BB0-FCBF3DDC02AB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe |
"{42EBE8E2-DD81-4A05-A17E-97BA119788F3}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe |
"{450D6BC3-A6D2-45D7-85E5-3B1BDF7F765F}" = protocol=6 | dir=out | app=system |
"{4731A120-FF47-4E01-8BC4-6063788FFE4C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe |
"{4799BCAD-3746-47EA-BD7E-428AD71AF188}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4D2B2A59-43D9-46E6-A9AC-149009BDE9F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe |
"{4F84E32B-BD66-489A-8B39-B5D04F7E7771}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe |
"{51C255D0-C33E-4323-864B-C6A6D9B89581}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{52823517-651C-456A-9164-D84048B69631}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe |
"{54D5AC0A-D788-4759-8D36-62799DD0F67D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57463554-8171-42E1-A198-5E8C285AFA15}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{57BD2394-52C6-459E-B3CE-2BED1EA18A7E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{58683A6E-F45B-462F-B8DF-A63DB020BD2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5A603016-DD13-464B-B423-EA44763351C1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat |
"{5CC6B97A-E0FA-428E-BD5E-7C56EDF110D9}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe |
"{60F8EFA2-59E9-40DD-BC28-9E433FBC2F4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67E7AB61-7257-443D-AC64-8E15B88A0ABA}" = protocol=6 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B53DDB6-8DDC-455B-A270-E9AF610E32A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AD076F7-2189-4680-A788-37B5832183A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7EC169F4-29AB-4504-A0CC-3133583A1EC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80CFFBB7-911D-4A9F-86FB-BDBB9586A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{84A916FD-511C-4E9E-B665-5B4BDCC0F4F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe |
"{85247B4F-F44C-4CFD-BB0D-54D25B62DF18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86A3EA29-C803-428C-BE37-6BFE1A1A9280}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{8A19CC0D-20B7-47F3-8386-103530C13402}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe |
"{8BFED094-135D-47BA-A95E-C8D4CBA3FDEA}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe |
"{8E16E3A7-6091-4ACE-A43F-97C988CE5D24}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe |
"{9230FE4E-EB73-43F3-8830-79D109EC8151}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe |
"{92766F9D-07D8-4E4D-BDD7-98FCA29981F8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe |
"{937751A1-B3E3-4F5F-BCFD-02555D97B3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9AA8775A-B12D-41BE-858D-0B73480453CE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe |
"{9BA55D57-F796-4328-87B9-5A14EB7BFEF1}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe |
"{9C12345E-7506-4FCD-B388-DB06A6A78826}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe |
"{9DDA1620-300E-43FE-8A8D-9ED4E1F88675}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe |
"{9EFBF356-6798-430F-90BF-1362F483C089}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe |
"{9F5795BA-9B2B-4636-8A94-658C08F79BEB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe |
"{A019B2A6-B6B9-4C2A-A4F7-E92A91BF3105}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A73AEB97-7971-403D-B953-90D6D6D81FC2}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe |
"{B0691EC9-7F09-4294-873E-B8EC7AC08CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B25A74D3-058E-42EB-940B-813FEED79BDE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe |
"{B3C09AE2-9498-4217-9695-4F172BE504E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe |
"{B3E08893-0775-49FB-AEB0-262DD76E712A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B644451C-6D78-4402-9DEF-113ACBAF8597}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{B760BE85-4423-46A1-85FC-1313508AB57F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{B8219290-2744-4635-813A-98CAC2DBEC13}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe |
"{B8420332-0693-4C35-B7FA-892E5CA089DA}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe |
"{B9B1B8BA-2D95-4368-889A-933B9582C51C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe |
"{BDA2268A-A376-480B-9F3B-6A93EB4E76BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BDB4308B-8BA3-4E08-B054-98D76BEF6FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{C009661E-1C8D-4051-B31E-CBF8A11A79AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{C1C4A689-2E4E-4C17-B27D-AB6553173865}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C36AF29B-70F4-4452-A8E8-AF409BA43799}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe |
"{C3700B4E-A6C1-467D-9BF6-4290CC285295}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat |
"{C6AF522A-5431-4ACC-A79C-3E5340635994}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe |
"{C9C26E99-F066-4719-965B-69533C77F328}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{CA7CDCD9-DDCB-4BBD-925A-2F7D122BFEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{CAAFB741-B900-4BEF-9A3C-1DD7F7D79E4D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe |
"{CB9BC41E-97B3-4EE4-92CA-9ABED9F04457}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe |
"{CB9D580C-7743-4EC6-A787-9C1C1F568B66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CC2A9358-6F22-4010-9A89-72EB98243142}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe |
"{CD12063E-3A8D-4922-A73F-FC2ED4250A8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE2520BC-C012-426D-AC91-626EE16B7E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D530C5C4-AF60-4291-9930-C8BB5A3DF1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6C24D9F-08CB-4896-B086-999BA011CB28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6D32F6E-7F14-4627-88CE-6251325CF5E8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{DD351889-6709-469F-9475-888762BCD803}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe |
"{DDC8B000-68AD-4961-B310-04F469C5FE22}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe |
"{E014BCCE-4E00-4298-8175-A36201445553}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe |
"{E61EE88F-B237-4AD1-A6DA-DF1D73AFDAEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDFDA0DE-B54F-4A09-B724-E3E1F1A2B170}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe |
"{EFF71173-3810-46F0-89E3-1F2EB9BDCC9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F04E3C45-E53F-4CEC-BF2F-DB8ADF3FA4DC}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe |
"{F59ABE4E-84BE-4240-B586-CA1FB95EF765}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{FAF2ED6D-8037-40C4-BDD2-430312E54A8E}" = protocol=17 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB2F82B8-DA2E-44F3-96F8-340ECB97C5E0}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe |
"{FB3A49CB-D3DC-4DAE-AB27-7CCA5038C185}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE69E48-0B7C-492E-B11A-72FC1B89CA0F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe |
"TCP Query User{5088C0B5-6189-41F2-9F74-0EBF6F1233E7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{E21B7AA9-140A-44BD-A5F1-F74A6136AC08}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.30
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-65fdd504-e7d5-463d-b80d-d2087eb2a27b" = My Game Long Name
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFAA49C-2B1D-4808-B43A-4AAFF0475B04}" = Plus Pack für Acronis True Image Home 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"A2ACR Data cache removal" = ARMA 2 Army of The Czech Republic - Data cache removal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"Anti-Twin 2011-07-23 03.08.03" = Anti-Twin (Installation 23.07.2011)
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Endless City" = NVIDIA Endless City demo
"ESN Sonar-0.70.0" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"Free Studio_is1" = Free Studio version 5.7.7.1031
"FreePDF_XP" = FreePDF (Remove only)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"ITN Converter_is1" = ITN Converter 1.78
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neolog_is1" = Neolog 1.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"PreSonus Studio One 2" = PreSonus Studio One 2
"PS3 Media Server" = PS3 Media Server
"Steam App 100410" = CameraBag 2
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 107900" = War Inc. Battlezone
"Steam App 113420" = Fallen Earth
"Steam App 12900" = Audiosurf
"Steam App 13140" = America's Army 3
"Steam App 13520" = Far Cry
"Steam App 17410" = Mirror's Edge
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 203850" = Microsoft Flight
"Steam App 205230" = Hell Yeah!
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 214850" = GameMaker: Studio
"Steam App 218230" = PlanetSide 2
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 221080" = District 187
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38830" = CrimeCraft GangWars
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Winamp" = Winamp
"XnView_is1" = XnView 1.99.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 05.10.2012 09:06:40 | Computer Name = OXOMOXO-PC | Source = System Restore | ID = 8193
Description =
Error - 05.10.2012 10:02:47 | Computer Name = OXOMOXO-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17e8 Startzeit: 01cda2ec7cffb0ca Endzeit: 0 Anwendungspfad:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 45d058fa-0ef5-11e2-b2d6-e0cb4e977cc1
Error - 05.10.2012 11:16:28 | Computer Name = OXOMOXO-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2a44 Startzeit: 01cda3021950b90c Endzeit: 10 Anwendungspfad:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 95704d03-0eff-11e2-b2d6-e0cb4e977cc1
[ Media Center Events ]
Error - 22.07.2011 18:23:40 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 00:23:39 - Fehler beim Herstellen der Internetverbindung. 00:23:40
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 18:25:48 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 00:23:50 - Fehler beim Herstellen der Internetverbindung. 00:23:50
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 19:25:51 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 01:25:51 - Fehler beim Herstellen der Internetverbindung. 01:25:51
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 19:26:00 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 01:25:56 - Fehler beim Herstellen der Internetverbindung. 01:25:56
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 20:26:02 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 02:26:02 - Fehler beim Herstellen der Internetverbindung. 02:26:02
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 20:26:08 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 02:26:07 - Fehler beim Herstellen der Internetverbindung. 02:26:07
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 21:26:20 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 03:26:20 - Fehler beim Herstellen der Internetverbindung. 03:26:20
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2011 21:26:29 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 03:26:25 - Fehler beim Herstellen der Internetverbindung. 03:26:25
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 19.03.2013 08:10:39 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147014847
Error - 19.03.2013 08:13:59 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 19.03.2013 16:30:21 | Computer Name = OXOMOXO-PC | Source = DCOM | ID = 10010
Description =
Error - 20.03.2013 08:57:47 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 20.03.2013 19:33:59 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.03.2013 11:03:13 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.03.2013 11:15:57 | Computer Name = OXOMOXO-PC | Source = DCOM | ID = 10010
Description =
Error - 21.03.2013 11:17:12 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.03.2013 11:27:03 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147014847
Error - 21.03.2013 11:27:25 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-21 20:00:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 OCZ-VERTEX4 rev.1.3 119,24GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\OXOMOXO\AppData\Local\Temp\uxliyfoc.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000103c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000103c08 3 bytes [C0, 06, 02]
.text ... * 110
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432 fffff960001bb878 8 bytes [00, 98, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_hGetColorTransform + 468 fffff960001bba88 8 bytes [D0, 98, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngReleaseFastMutex + 8 fffff960001bc538 8 bytes [D8, A7, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetLastError + 792 fffff960001bc8d8 8 bytes [BC, 9E, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngQueryPerformanceFrequency + 8 fffff960001bce08 8 bytes [B0, 99, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFreeSectionMem + 76 fffff960001bcf28 8 bytes [E4, B0, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398 fffff960001c291a 6 bytes {JMP QWORD [RIP-0x17aa38]}
.text C:\Windows\System32\win32k.sys!EngCreateBitmap + 44 fffff960001c4448 8 bytes [E0, 9B, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCTGetCurrentGamma + 40 fffff960001c8d98 8 bytes [60, 9A, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateRectRgn + 48 fffff960001ccfc8 8 bytes [F8, 9F, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304 fffff960001cd8c8 8 bytes [1C, A1, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateDriverObj + 164 fffff960001e7878 8 bytes [E4, AB, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnlockDriverObj + 44 fffff960001e78d8 8 bytes [78, 9F, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16 fffff960001fe118 8 bytes {CALL QWORD [RAX+0x36aaa6c]}
.text C:\Windows\System32\win32k.sys!EngUnmapFile + 944 fffff960001fe7e8 8 bytes [D4, A3, 6A, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterDataFileName + 8 fffff960001fe7f8 8 bytes [E0, A2, 6A, 03, 80, F8, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000766b1465 2 bytes [6B, 76]
.text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000766b14bb 2 bytes [6B, 76]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000773afa88 5 bytes JMP 0000000172a2139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0018 5 bytes JMP 0000000172a21a54
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072671a22 2 bytes [67, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072671ad0 2 bytes [67, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072671b08 2 bytes [67, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072671bba 2 bytes [67, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072671bda 2 bytes [67, 72]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000766b1465 2 bytes [6B, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000766b14bb 2 bytes [6B, 76]
.text ... * 2
.text C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe[3176] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000766b1465 2 bytes [6B, 76]
.text C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe[3176] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000766b14bb 2 bytes [6B, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766b1465 2 bytes [6B, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766b14bb 2 bytes [6B, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158341bdb3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x70 0xB6 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x29 0x83 0xEB 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x22 0x3D 0x7C 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158341bdb3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x70 0xB6 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x29 0x83 0xEB 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x22 0x3D 0x7C 0xF1 ...
---- EOF - GMER 2.1 ----
|
|
22.03.2013, 18:54
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo,
__________________Zitat:
Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?
__________________ |
|
22.03.2013, 19:21
| #3 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Cosinus,
__________________es war eine BD ISO mit HD AUDIO. WIN7 Ultimate habe ich, weil ich es wollte. Glaube kaum das ein Firmen-PC so eine Gesamtausstattung hat. Aber wozu die Fragen? Wie geht es weiter? Geändert von isnogud (22.03.2013 um 19:41 Uhr) |
|
22.03.2013, 22:17
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Die Ultimate Edition ist teurer, für den Heimgebrauch eher unnötig/übertrieben und falls gewerblicher Einsatz im Spiel ist müssen wir hier besondere Hinweise posten Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.03.2013, 18:39
| #5 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Cosinus, das Ultimate war als Vorbesteller recht günstig vor Jahren. Seit dem habe ich das System nicht neu installiert. Was ich auch vermeiden will. Der Rechner gehört mir und ist nicht gewerblich. Die Scans wollte ich in deiner aufgeführten Reihenfolge ausführen. Das ging auch bis auf die aswMBR.exe Mein Vorgehen war wie in der Anleitung beschrieben. Mehrmals versucht, auch Neustart. Aber während des Scans stürzt das Program ab. Habe auch keine Chance die Log zu speichern. KIS war während des Scans deaktiviert. **EDIT** Habe den aswMBR Scan anschließend erneut versucht und er lief durch. Log ist unter Schritt 5 gepostet. Schritt 4 MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.23.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
OXOMOXO :: OXOMOXO-PC [administrator]
23.03.2013 17:10:16
mbar-log-2013-03-23 (17-10-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27563
Time elapsed: 6 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 18:44:11
-----------------------------
18:44:11.128 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:11.128 Number of processors: 8 586 0x1A05
18:44:11.128 ComputerName: OXOMOXO-PC UserName: OXOMOXO
18:44:11.394 Initialize success
18:44:18.476 AVAST engine defs: 13032301
18:44:27.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:44:27.976 Disk 0 Vendor: OCZ-VERTEX4 1.3 Size: 122104MB BusType: 3
18:44:27.976 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
18:44:27.976 Disk 1 Vendor: SAMSUNG_HD105SI 1AJ10001 Size: 953869MB BusType: 3
18:44:27.976 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
18:44:27.976 Disk 2 Vendor: SAMSUNG_HD503HI 1AJ10001 Size: 476940MB BusType: 3
18:44:27.976 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T1L0-7
18:44:27.976 Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
18:44:28.054 Disk 0 MBR read successfully
18:44:28.054 Disk 0 MBR scan
18:44:28.054 Disk 0 Windows 7 default MBR code
18:44:28.070 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 31 MB offset 63
18:44:28.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122072 MB offset 64260
18:44:28.132 Disk 0 scanning C:\Windows\system32\drivers
18:44:36.307 Service scanning
18:44:45.542 Modules scanning
18:44:45.542 Disk 0 trace - called modules:
18:44:45.542 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:44:45.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d97790]
18:44:45.558 3 CLASSPNP.SYS[fffff880021c843f] -> nt!IofCallDriver -> [0xfffffa8005cc5a60]
18:44:45.558 5 vsflt67.sys[fffff88000ebc7cd] -> nt!IofCallDriver -> [0xfffffa8005b53580]
18:44:45.558 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005c05060]
18:44:45.823 AVAST engine scan C:\Windows
18:44:49.614 AVAST engine scan C:\Windows\system32
18:46:58.361 AVAST engine scan C:\Windows\system32\drivers
18:47:08.314 AVAST engine scan C:\Users\OXOMOXO
18:48:22.757 AVAST engine scan C:\ProgramData
18:48:37.749 Scan finished successfully
18:48:53.614 Disk 0 MBR has been saved successfully to "D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\5.Schritt\MBR.dat"
18:48:53.614 The log file has been saved successfully to "D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\5.Schritt\aswMBR.txt"
Code:
ATTFilter 18:00:54.0182 3552 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:00:54.0260 3552 ============================================================
18:00:54.0260 3552 Current date / time: 2013/03/23 18:00:54.0260
18:00:54.0260 3552 SystemInfo:
18:00:54.0260 3552
18:00:54.0260 3552 OS Version: 6.1.7601 ServicePack: 1.0
18:00:54.0260 3552 Product type: Workstation
18:00:54.0260 3552 ComputerName: OXOMOXO-PC
18:00:54.0260 3552 UserName: OXOMOXO
18:00:54.0260 3552 Windows directory: C:\Windows
18:00:54.0260 3552 System windows directory: C:\Windows
18:00:54.0260 3552 Running under WOW64
18:00:54.0260 3552 Processor architecture: Intel x64
18:00:54.0260 3552 Number of processors: 8
18:00:54.0260 3552 Page size: 0x1000
18:00:54.0260 3552 Boot type: Normal boot
18:00:54.0260 3552 ============================================================
18:00:54.0603 3552 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0619 3552 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0634 3552 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0650 3552 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0650 3552 ============================================================
18:00:54.0650 3552 \Device\Harddisk0\DR0:
18:00:54.0650 3552 MBR partitions:
18:00:54.0650 3552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFAC5
18:00:54.0650 3552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xEE6C04A
18:00:54.0650 3552 \Device\Harddisk1\DR1:
18:00:54.0650 3552 MBR partitions:
18:00:54.0650 3552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:00:54.0650 3552 \Device\Harddisk2\DR2:
18:00:54.0650 3552 MBR partitions:
18:00:54.0650 3552 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
18:00:54.0650 3552 \Device\Harddisk3\DR3:
18:00:54.0650 3552 MBR partitions:
18:00:54.0650 3552 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:00:54.0650 3552 ============================================================
18:00:54.0650 3552 C: <-> \Device\Harddisk0\DR0\Partition2
18:00:54.0666 3552 F: <-> \Device\Harddisk3\DR3\Partition1
18:00:54.0697 3552 D: <-> \Device\Harddisk2\DR2\Partition1
18:00:54.0712 3552 E: <-> \Device\Harddisk1\DR1\Partition1
18:00:54.0712 3552 ============================================================
18:00:54.0712 3552 Initialize success
18:00:54.0712 3552 ============================================================
18:01:00.0360 2176 ============================================================
18:01:00.0360 2176 Scan started
18:01:00.0360 2176 Mode: Manual; SigCheck; TDLFS;
18:01:00.0360 2176 ============================================================
18:01:00.0469 2176 ================ Scan system memory ========================
18:01:00.0469 2176 System memory - ok
18:01:00.0469 2176 ================ Scan services =============================
18:01:00.0516 2176 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:01:00.0562 2176 1394ohci - ok
18:01:00.0562 2176 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:01:00.0578 2176 ACPI - ok
18:01:00.0578 2176 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:01:00.0594 2176 AcpiPmi - ok
18:01:00.0609 2176 [ 0C9A37D1456F44D7A1F9AE888E62C180 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
18:01:00.0640 2176 AcrSch2Svc - ok
18:01:00.0640 2176 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:01:00.0656 2176 AdobeARMservice - ok
18:01:00.0687 2176 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:01:00.0687 2176 AdobeFlashPlayerUpdateSvc - ok
18:01:00.0703 2176 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:01:00.0718 2176 adp94xx - ok
18:01:00.0718 2176 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:01:00.0734 2176 adpahci - ok
18:01:00.0750 2176 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:01:00.0750 2176 adpu320 - ok
18:01:00.0750 2176 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:01:00.0781 2176 AeLookupSvc - ok
18:01:00.0796 2176 [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
18:01:00.0796 2176 afcdp - ok
18:01:00.0843 2176 [ 50BD54F16710AE4AEF88D57E63ECFEF8 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
18:01:00.0906 2176 afcdpsrv - ok
18:01:00.0921 2176 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:01:00.0937 2176 AFD - ok
18:01:00.0937 2176 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:01:00.0952 2176 agp440 - ok
18:01:00.0952 2176 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:01:00.0968 2176 ALG - ok
18:01:00.0968 2176 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:01:00.0984 2176 aliide - ok
18:01:00.0984 2176 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:01:00.0984 2176 amdide - ok
18:01:00.0999 2176 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:01:00.0999 2176 AmdK8 - ok
18:01:01.0015 2176 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:01:01.0015 2176 AmdPPM - ok
18:01:01.0030 2176 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:01:01.0030 2176 amdsata - ok
18:01:01.0030 2176 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:01:01.0046 2176 amdsbs - ok
18:01:01.0046 2176 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:01:01.0062 2176 amdxata - ok
18:01:01.0062 2176 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:01:01.0093 2176 AppID - ok
18:01:01.0093 2176 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:01:01.0124 2176 AppIDSvc - ok
18:01:01.0124 2176 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:01:01.0155 2176 Appinfo - ok
18:01:01.0155 2176 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:01:01.0171 2176 AppMgmt - ok
18:01:01.0171 2176 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:01:01.0186 2176 arc - ok
18:01:01.0186 2176 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:01:01.0202 2176 arcsas - ok
18:01:01.0218 2176 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:01:01.0218 2176 aspnet_state - ok
18:01:01.0218 2176 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:01.0249 2176 AsyncMac - ok
18:01:01.0249 2176 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:01:01.0264 2176 atapi - ok
18:01:01.0280 2176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:01:01.0311 2176 AudioEndpointBuilder - ok
18:01:01.0311 2176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:01:01.0342 2176 AudioSrv - ok
18:01:01.0358 2176 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
18:01:01.0374 2176 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:01:01.0374 2176 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:01:01.0374 2176 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
18:01:01.0389 2176 avmeject - ok
18:01:01.0389 2176 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
18:01:01.0405 2176 AVP - ok
18:01:01.0405 2176 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:01:01.0436 2176 AxInstSV - ok
18:01:01.0436 2176 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:01:01.0467 2176 b06bdrv - ok
18:01:01.0467 2176 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:01:01.0483 2176 b57nd60a - ok
18:01:01.0483 2176 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:01:01.0498 2176 BDESVC - ok
18:01:01.0498 2176 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:01:01.0530 2176 Beep - ok
18:01:01.0530 2176 [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
18:01:01.0530 2176 BEService ( UnsignedFile.Multi.Generic ) - warning
18:01:01.0530 2176 BEService - detected UnsignedFile.Multi.Generic (1)
18:01:01.0545 2176 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:01:01.0576 2176 BFE - ok
18:01:01.0592 2176 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:01:01.0623 2176 BITS - ok
18:01:01.0623 2176 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:01:01.0639 2176 blbdrive - ok
18:01:01.0639 2176 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:01:01.0654 2176 bowser - ok
18:01:01.0654 2176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:01:01.0670 2176 BrFiltLo - ok
18:01:01.0670 2176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:01:01.0686 2176 BrFiltUp - ok
18:01:01.0686 2176 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:01:01.0701 2176 Browser - ok
18:01:01.0701 2176 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:01:01.0732 2176 Brserid - ok
18:01:01.0732 2176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:01:01.0748 2176 BrSerWdm - ok
18:01:01.0748 2176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:01:01.0748 2176 BrUsbMdm - ok
18:01:01.0764 2176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:01:01.0764 2176 BrUsbSer - ok
18:01:01.0764 2176 BT - ok
18:01:01.0779 2176 Btcsrusb - ok
18:01:01.0779 2176 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:01:01.0795 2176 BthEnum - ok
18:01:01.0795 2176 [ 81229822FACAA324718B3B3C973688ED ] BtHidBus C:\Windows\system32\Drivers\BtHidBus.sys
18:01:01.0795 2176 BtHidBus - ok
18:01:01.0795 2176 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:01:01.0810 2176 BTHMODEM - ok
18:01:01.0810 2176 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:01:01.0826 2176 BthPan - ok
18:01:01.0842 2176 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:01:01.0857 2176 BTHPORT - ok
18:01:01.0857 2176 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:01:01.0888 2176 bthserv - ok
18:01:01.0888 2176 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:01:01.0904 2176 BTHUSB - ok
18:01:01.0904 2176 [ 2531372CC2AD7C7204A7520DC7C2D0DA ] btnetBUs C:\Windows\system32\Drivers\btnetBus.sys
18:01:01.0920 2176 btnetBUs - ok
18:01:01.0920 2176 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:01:01.0951 2176 cdfs - ok
18:01:01.0951 2176 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:01:01.0966 2176 cdrom - ok
18:01:01.0966 2176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:01:01.0982 2176 CertPropSvc - ok
18:01:01.0998 2176 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:01:01.0998 2176 circlass - ok
18:01:02.0013 2176 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:01:02.0029 2176 CLFS - ok
18:01:02.0029 2176 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:02.0044 2176 clr_optimization_v2.0.50727_32 - ok
18:01:02.0044 2176 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:01:02.0060 2176 clr_optimization_v2.0.50727_64 - ok
18:01:02.0060 2176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:02.0076 2176 clr_optimization_v4.0.30319_32 - ok
18:01:02.0076 2176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:01:02.0091 2176 clr_optimization_v4.0.30319_64 - ok
18:01:02.0091 2176 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:02.0107 2176 CmBatt - ok
18:01:02.0107 2176 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:01:02.0107 2176 cmdide - ok
18:01:02.0122 2176 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:01:02.0138 2176 CNG - ok
18:01:02.0138 2176 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:01:02.0154 2176 Compbatt - ok
18:01:02.0154 2176 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:01:02.0169 2176 CompositeBus - ok
18:01:02.0169 2176 COMSysApp - ok
18:01:02.0169 2176 cpuz136 - ok
18:01:02.0169 2176 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:01:02.0185 2176 crcdisk - ok
18:01:02.0185 2176 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:01:02.0232 2176 CryptSvc - ok
18:01:02.0247 2176 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:01:02.0263 2176 CSC - ok
18:01:02.0278 2176 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:01:02.0310 2176 CscService - ok
18:01:02.0310 2176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:01:02.0356 2176 DcomLaunch - ok
18:01:02.0356 2176 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:01:02.0388 2176 defragsvc - ok
18:01:02.0388 2176 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:01:02.0419 2176 DfsC - ok
18:01:02.0419 2176 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:01:02.0434 2176 Dhcp - ok
18:01:02.0434 2176 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:01:02.0466 2176 discache - ok
18:01:02.0466 2176 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:01:02.0481 2176 Disk - ok
18:01:02.0481 2176 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:01:02.0497 2176 Dnscache - ok
18:01:02.0512 2176 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:01:02.0544 2176 dot3svc - ok
18:01:02.0544 2176 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:01:02.0575 2176 DPS - ok
18:01:02.0575 2176 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:01:02.0590 2176 drmkaud - ok
18:01:02.0590 2176 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:01:02.0622 2176 DXGKrnl - ok
18:01:02.0622 2176 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:01:02.0653 2176 EapHost - ok
18:01:02.0715 2176 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:01:02.0762 2176 ebdrv - ok
18:01:02.0762 2176 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:01:02.0778 2176 EFS - ok
18:01:02.0793 2176 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:01:02.0809 2176 ehRecvr - ok
18:01:02.0809 2176 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:01:02.0824 2176 ehSched - ok
18:01:02.0840 2176 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:01:02.0856 2176 elxstor - ok
18:01:02.0856 2176 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:01:02.0871 2176 ErrDev - ok
18:01:02.0871 2176 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:01:02.0902 2176 EventSystem - ok
18:01:02.0918 2176 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:01:02.0934 2176 exfat - ok
18:01:02.0949 2176 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:01:02.0965 2176 fastfat - ok
18:01:02.0980 2176 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:01:02.0996 2176 Fax - ok
18:01:03.0012 2176 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:01:03.0012 2176 fdc - ok
18:01:03.0012 2176 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:01:03.0043 2176 fdPHost - ok
18:01:03.0043 2176 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:01:03.0074 2176 FDResPub - ok
18:01:03.0074 2176 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:01:03.0090 2176 FileInfo - ok
18:01:03.0090 2176 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:01:03.0121 2176 Filetrace - ok
18:01:03.0121 2176 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:03.0121 2176 flpydisk - ok
18:01:03.0136 2176 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:01:03.0152 2176 FltMgr - ok
18:01:03.0152 2176 [ D4463A74E1BFBF3FB9B4FC6CF5390152 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
18:01:03.0168 2176 fltsrv - ok
18:01:03.0168 2176 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:01:03.0199 2176 FontCache - ok
18:01:03.0199 2176 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:01:03.0214 2176 FontCache3.0.0.0 - ok
18:01:03.0214 2176 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:01:03.0230 2176 FsDepends - ok
18:01:03.0230 2176 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:01:03.0230 2176 Fs_Rec - ok
18:01:03.0246 2176 [ 290EBA98AD0CE0D1B880B5D71194B069 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
18:01:03.0246 2176 Futuremark SystemInfo Service - ok
18:01:03.0261 2176 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:01:03.0277 2176 fvevol - ok
18:01:03.0277 2176 [ 15585492E45E2F30768B2D5B57929D99 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys
18:01:03.0292 2176 fwlanusbn - ok
18:01:03.0308 2176 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:01:03.0308 2176 gagp30kx - ok
18:01:03.0308 2176 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:01:03.0324 2176 GEARAspiWDM - ok
18:01:03.0324 2176 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:01:03.0370 2176 gpsvc - ok
18:01:03.0370 2176 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:01:03.0386 2176 hcw85cir - ok
18:01:03.0386 2176 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:01:03.0402 2176 HdAudAddService - ok
18:01:03.0402 2176 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:01:03.0417 2176 HDAudBus - ok
18:01:03.0417 2176 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:01:03.0433 2176 HidBatt - ok
18:01:03.0433 2176 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:01:03.0448 2176 HidBth - ok
18:01:03.0448 2176 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:01:03.0464 2176 HidIr - ok
18:01:03.0464 2176 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:01:03.0495 2176 hidserv - ok
18:01:03.0495 2176 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:01:03.0495 2176 HidUsb - ok
18:01:03.0511 2176 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:01:03.0526 2176 hkmsvc - ok
18:01:03.0542 2176 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:01:03.0558 2176 HomeGroupListener - ok
18:01:03.0558 2176 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:01:03.0573 2176 HomeGroupProvider - ok
18:01:03.0573 2176 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:01:03.0589 2176 HpSAMD - ok
18:01:03.0589 2176 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:01:03.0620 2176 HTTP - ok
18:01:03.0636 2176 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:01:03.0636 2176 hwpolicy - ok
18:01:03.0636 2176 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:01:03.0651 2176 i8042prt - ok
18:01:03.0651 2176 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:01:03.0667 2176 iaStorV - ok
18:01:03.0682 2176 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:01:03.0698 2176 idsvc - ok
18:01:03.0714 2176 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:01:03.0714 2176 iirsp - ok
18:01:03.0729 2176 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:01:03.0760 2176 IKEEXT - ok
18:01:03.0776 2176 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:01:03.0776 2176 intelide - ok
18:01:03.0776 2176 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:01:03.0792 2176 intelppm - ok
18:01:03.0792 2176 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:01:03.0823 2176 IPBusEnum - ok
18:01:03.0823 2176 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:03.0854 2176 IpFilterDriver - ok
18:01:03.0854 2176 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:01:03.0885 2176 iphlpsvc - ok
18:01:03.0901 2176 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:01:03.0916 2176 IPMIDRV - ok
18:01:03.0916 2176 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:01:03.0948 2176 IPNAT - ok
18:01:03.0948 2176 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:01:03.0963 2176 IRENUM - ok
18:01:03.0963 2176 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:01:03.0979 2176 isapnp - ok
18:01:03.0979 2176 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:01:03.0994 2176 iScsiPrt - ok
18:01:03.0994 2176 [ 70EBDA3ED637B0212450C5542EDD11A7 ] IvtBtBUs C:\Windows\system32\Drivers\IvtBtBus.sys
18:01:04.0010 2176 IvtBtBUs - ok
18:01:04.0010 2176 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:04.0026 2176 kbdclass - ok
18:01:04.0026 2176 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:01:04.0026 2176 kbdhid - ok
18:01:04.0041 2176 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:01:04.0041 2176 KeyIso - ok
18:01:04.0057 2176 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
18:01:04.0072 2176 kl1 - ok
18:01:04.0072 2176 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
18:01:04.0088 2176 KLIF - ok
18:01:04.0104 2176 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
18:01:04.0104 2176 KLIM6 - ok
18:01:04.0104 2176 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
18:01:04.0119 2176 klkbdflt - ok
18:01:04.0119 2176 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
18:01:04.0119 2176 klmouflt - ok
18:01:04.0135 2176 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
18:01:04.0135 2176 kltdi - ok
18:01:04.0135 2176 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
18:01:04.0150 2176 kneps - ok
18:01:04.0150 2176 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:01:04.0166 2176 KSecDD - ok
18:01:04.0166 2176 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:01:04.0182 2176 KSecPkg - ok
18:01:04.0182 2176 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:01:04.0213 2176 ksthunk - ok
18:01:04.0213 2176 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:01:04.0244 2176 KtmRm - ok
18:01:04.0244 2176 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:01:04.0275 2176 LanmanServer - ok
18:01:04.0291 2176 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:01:04.0306 2176 LanmanWorkstation - ok
18:01:04.0322 2176 [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:01:04.0338 2176 LBTServ - ok
18:01:04.0338 2176 [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:01:04.0353 2176 LHidFilt - ok
18:01:04.0353 2176 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:01:04.0369 2176 lltdio - ok
18:01:04.0384 2176 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:01:04.0416 2176 lltdsvc - ok
18:01:04.0416 2176 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:01:04.0447 2176 lmhosts - ok
18:01:04.0447 2176 [ 96999C364C649E2866A268F7420A304A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:01:04.0447 2176 LMouFilt - ok
18:01:04.0462 2176 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:01:04.0462 2176 LSI_FC - ok
18:01:04.0462 2176 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:01:04.0478 2176 LSI_SAS - ok
18:01:04.0478 2176 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:01:04.0494 2176 LSI_SAS2 - ok
18:01:04.0494 2176 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:01:04.0509 2176 LSI_SCSI - ok
18:01:04.0509 2176 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:01:04.0540 2176 luafv - ok
18:01:04.0540 2176 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:01:04.0556 2176 Mcx2Svc - ok
18:01:04.0556 2176 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:01:04.0556 2176 megasas - ok
18:01:04.0572 2176 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:01:04.0587 2176 MegaSR - ok
18:01:04.0587 2176 Microsoft SharePoint Workspace Audit Service - ok
18:01:04.0587 2176 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:01:04.0618 2176 MMCSS - ok
18:01:04.0618 2176 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:01:04.0650 2176 Modem - ok
18:01:04.0650 2176 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:01:04.0665 2176 monitor - ok
18:01:04.0665 2176 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:01:04.0681 2176 mouclass - ok
18:01:04.0681 2176 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:01:04.0681 2176 mouhid - ok
18:01:04.0696 2176 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:01:04.0696 2176 mountmgr - ok
18:01:04.0712 2176 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:01:04.0712 2176 MozillaMaintenance - ok
18:01:04.0728 2176 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:01:04.0728 2176 mpio - ok
18:01:04.0728 2176 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:01:04.0759 2176 mpsdrv - ok
18:01:04.0774 2176 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:01:04.0806 2176 MpsSvc - ok
18:01:04.0806 2176 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:01:04.0837 2176 MRxDAV - ok
18:01:04.0837 2176 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:04.0852 2176 mrxsmb - ok
18:01:04.0852 2176 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:04.0868 2176 mrxsmb10 - ok
18:01:04.0868 2176 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:04.0884 2176 mrxsmb20 - ok
18:01:04.0884 2176 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:01:04.0899 2176 msahci - ok
18:01:04.0899 2176 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
18:01:04.0915 2176 MSCamSvc - ok
18:01:04.0915 2176 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:01:04.0930 2176 msdsm - ok
18:01:04.0930 2176 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:01:04.0946 2176 MSDTC - ok
18:01:04.0946 2176 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:01:04.0977 2176 Msfs - ok
18:01:04.0977 2176 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:01:05.0008 2176 mshidkmdf - ok
18:01:05.0008 2176 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
18:01:05.0008 2176 MSHUSBVideo - ok
18:01:05.0024 2176 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:01:05.0024 2176 msisadrv - ok
18:01:05.0024 2176 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:01:05.0055 2176 MSiSCSI - ok
18:01:05.0055 2176 msiserver - ok
18:01:05.0071 2176 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:01:05.0086 2176 MSKSSRV - ok
18:01:05.0102 2176 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:01:05.0118 2176 MSPCLOCK - ok
18:01:05.0118 2176 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:01:05.0149 2176 MSPQM - ok
18:01:05.0164 2176 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:01:05.0164 2176 MsRPC - ok
18:01:05.0180 2176 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:01:05.0180 2176 mssmbios - ok
18:01:05.0196 2176 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:01:05.0211 2176 MSTEE - ok
18:01:05.0211 2176 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:01:05.0227 2176 MTConfig - ok
18:01:05.0227 2176 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:01:05.0242 2176 MTsensor - ok
18:01:05.0242 2176 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:01:05.0258 2176 Mup - ok
18:01:05.0258 2176 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:01:05.0289 2176 napagent - ok
18:01:05.0305 2176 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:01:05.0320 2176 NativeWifiP - ok
18:01:05.0320 2176 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:01:05.0352 2176 NDIS - ok
18:01:05.0352 2176 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:01:05.0383 2176 NdisCap - ok
18:01:05.0383 2176 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:01:05.0414 2176 NdisTapi - ok
18:01:05.0414 2176 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:01:05.0445 2176 Ndisuio - ok
18:01:05.0445 2176 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:01:05.0476 2176 NdisWan - ok
18:01:05.0476 2176 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:01:05.0492 2176 NDProxy - ok
18:01:05.0508 2176 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:01:05.0523 2176 NetBIOS - ok
18:01:05.0539 2176 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:01:05.0554 2176 NetBT - ok
18:01:05.0570 2176 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:01:05.0570 2176 Netlogon - ok
18:01:05.0586 2176 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:01:05.0617 2176 Netman - ok
18:01:05.0617 2176 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:05.0632 2176 NetMsmqActivator - ok
18:01:05.0632 2176 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:05.0632 2176 NetPipeActivator - ok
18:01:05.0648 2176 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:01:05.0679 2176 netprofm - ok
18:01:05.0679 2176 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:05.0695 2176 NetTcpActivator - ok
18:01:05.0695 2176 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:05.0695 2176 NetTcpPortSharing - ok
18:01:05.0710 2176 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:01:05.0710 2176 nfrd960 - ok
18:01:05.0726 2176 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:01:05.0742 2176 NlaSvc - ok
18:01:05.0742 2176 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:01:05.0757 2176 Npfs - ok
18:01:05.0773 2176 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:01:05.0788 2176 nsi - ok
18:01:05.0804 2176 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:01:05.0820 2176 nsiproxy - ok
18:01:05.0851 2176 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:01:05.0882 2176 Ntfs - ok
18:01:05.0882 2176 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:01:05.0913 2176 Null - ok
18:01:05.0913 2176 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:01:05.0929 2176 NVHDA - ok
18:01:06.0038 2176 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:01:06.0147 2176 nvlddmkm - ok
18:01:06.0163 2176 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:01:06.0178 2176 nvraid - ok
18:01:06.0178 2176 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:01:06.0194 2176 nvstor - ok
18:01:06.0194 2176 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:01:06.0225 2176 nvsvc - ok
18:01:06.0241 2176 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:01:06.0272 2176 nvUpdatusService - ok
18:01:06.0272 2176 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:01:06.0288 2176 nv_agp - ok
18:01:06.0288 2176 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:01:06.0303 2176 ohci1394 - ok
18:01:06.0319 2176 [ FB565EAF1E99F57D1963189EE2F8ED66 ] OS Selector C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
18:01:06.0366 2176 OS Selector - ok
18:01:06.0366 2176 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:06.0381 2176 ose - ok
18:01:06.0428 2176 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:01:06.0522 2176 osppsvc - ok
18:01:06.0537 2176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:01:06.0553 2176 p2pimsvc - ok
18:01:06.0553 2176 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:01:06.0568 2176 p2psvc - ok
18:01:06.0568 2176 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:01:06.0584 2176 Parport - ok
18:01:06.0584 2176 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:01:06.0600 2176 partmgr - ok
18:01:06.0600 2176 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:01:06.0615 2176 PcaSvc - ok
18:01:06.0615 2176 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:01:06.0631 2176 pci - ok
18:01:06.0631 2176 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:01:06.0646 2176 pciide - ok
18:01:06.0646 2176 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:01:06.0662 2176 pcmcia - ok
18:01:06.0662 2176 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:01:06.0678 2176 pcw - ok
18:01:06.0693 2176 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:01:06.0725 2176 PEAUTH - ok
18:01:06.0740 2176 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:01:06.0771 2176 PeerDistSvc - ok
18:01:06.0803 2176 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:01:06.0818 2176 PerfHost - ok
18:01:06.0834 2176 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:01:06.0881 2176 pla - ok
18:01:06.0881 2176 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:01:06.0896 2176 PlugPlay - ok
18:01:06.0912 2176 PnkBstrA - ok
18:01:06.0912 2176 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:01:06.0912 2176 PNRPAutoReg - ok
18:01:06.0927 2176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:01:06.0943 2176 PNRPsvc - ok
18:01:06.0943 2176 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:01:06.0974 2176 PolicyAgent - ok
18:01:06.0990 2176 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:01:07.0021 2176 Power - ok
18:01:07.0021 2176 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:01:07.0052 2176 PptpMiniport - ok
18:01:07.0052 2176 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:01:07.0052 2176 Processor - ok
18:01:07.0068 2176 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:01:07.0083 2176 ProfSvc - ok
18:01:07.0083 2176 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:01:07.0099 2176 ProtectedStorage - ok
18:01:07.0099 2176 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:01:07.0130 2176 Psched - ok
18:01:07.0146 2176 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:01:07.0177 2176 ql2300 - ok
18:01:07.0177 2176 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:01:07.0193 2176 ql40xx - ok
18:01:07.0193 2176 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:01:07.0208 2176 QWAVE - ok
18:01:07.0224 2176 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:01:07.0239 2176 QWAVEdrv - ok
18:01:07.0239 2176 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:01:07.0255 2176 RasAcd - ok
18:01:07.0271 2176 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:01:07.0286 2176 RasAgileVpn - ok
18:01:07.0302 2176 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:01:07.0317 2176 RasAuto - ok
18:01:07.0333 2176 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:01:07.0349 2176 Rasl2tp - ok
18:01:07.0364 2176 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:01:07.0395 2176 RasMan - ok
18:01:07.0395 2176 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:01:07.0427 2176 RasPppoe - ok
18:01:07.0427 2176 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:01:07.0458 2176 RasSstp - ok
18:01:07.0458 2176 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:01:07.0489 2176 rdbss - ok
18:01:07.0489 2176 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:01:07.0505 2176 rdpbus - ok
18:01:07.0505 2176 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:01:07.0536 2176 RDPCDD - ok
18:01:07.0536 2176 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:01:07.0551 2176 RDPDR - ok
18:01:07.0551 2176 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:01:07.0583 2176 RDPENCDD - ok
18:01:07.0583 2176 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:01:07.0614 2176 RDPREFMP - ok
18:01:07.0614 2176 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:01:07.0629 2176 RdpVideoMiniport - ok
18:01:07.0629 2176 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:01:07.0645 2176 RDPWD - ok
18:01:07.0645 2176 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:01:07.0661 2176 rdyboost - ok
18:01:07.0661 2176 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:01:07.0692 2176 RemoteAccess - ok
18:01:07.0692 2176 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:01:07.0723 2176 RemoteRegistry - ok
18:01:07.0723 2176 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:01:07.0739 2176 RFCOMM - ok
18:01:07.0754 2176 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:01:07.0770 2176 RpcEptMapper - ok
18:01:07.0785 2176 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:01:07.0785 2176 RpcLocator - ok
18:01:07.0801 2176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:01:07.0832 2176 RpcSs - ok
18:01:07.0832 2176 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:01:07.0863 2176 rspndr - ok
18:01:07.0863 2176 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
18:01:07.0863 2176 s0017bus - ok
18:01:07.0879 2176 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
18:01:07.0879 2176 s0017mdfl - ok
18:01:07.0879 2176 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
18:01:07.0895 2176 s0017mdm - ok
18:01:07.0895 2176 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
18:01:07.0910 2176 s0017mgmt - ok
18:01:07.0910 2176 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
18:01:07.0910 2176 s0017nd5 - ok
18:01:07.0926 2176 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
18:01:07.0926 2176 s0017obex - ok
18:01:07.0941 2176 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
18:01:07.0941 2176 s0017unic - ok
18:01:07.0941 2176 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:01:07.0957 2176 s3cap - ok
18:01:07.0957 2176 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:01:07.0973 2176 SamSs - ok
18:01:07.0973 2176 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:01:07.0988 2176 sbp2port - ok
18:01:07.0988 2176 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:01:08.0019 2176 SCardSvr - ok
18:01:08.0019 2176 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:01:08.0051 2176 scfilter - ok
18:01:08.0066 2176 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:01:08.0097 2176 Schedule - ok
18:01:08.0113 2176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:01:08.0129 2176 SCPolicySvc - ok
18:01:08.0144 2176 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:01:08.0144 2176 SDRSVC - ok
18:01:08.0160 2176 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
18:01:08.0191 2176 SDScannerService - ok
18:01:08.0207 2176 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:01:08.0222 2176 SDUpdateService - ok
18:01:08.0222 2176 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:01:08.0238 2176 SDWSCService - ok
18:01:08.0238 2176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:01:08.0269 2176 secdrv - ok
18:01:08.0269 2176 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:01:08.0300 2176 seclogon - ok
18:01:08.0300 2176 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:01:08.0331 2176 SENS - ok
18:01:08.0331 2176 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:01:08.0347 2176 SensrSvc - ok
18:01:08.0347 2176 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:01:08.0363 2176 Serenum - ok
18:01:08.0363 2176 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:01:08.0378 2176 Serial - ok
18:01:08.0378 2176 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:01:08.0394 2176 sermouse - ok
18:01:08.0409 2176 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:01:08.0425 2176 SessionEnv - ok
18:01:08.0425 2176 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:01:08.0441 2176 sffdisk - ok
18:01:08.0441 2176 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:01:08.0456 2176 sffp_mmc - ok
18:01:08.0456 2176 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:01:08.0472 2176 sffp_sd - ok
18:01:08.0472 2176 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:01:08.0487 2176 sfloppy - ok
18:01:08.0487 2176 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:01:08.0519 2176 SharedAccess - ok
18:01:08.0534 2176 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:01:08.0565 2176 ShellHWDetection - ok
18:01:08.0565 2176 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:01:08.0581 2176 SiSRaid2 - ok
18:01:08.0581 2176 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:01:08.0597 2176 SiSRaid4 - ok
18:01:08.0597 2176 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:01:08.0612 2176 SkypeUpdate - ok
18:01:08.0612 2176 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:01:08.0643 2176 Smb - ok
18:01:08.0643 2176 [ F26AAD9ADFC9B62AC59A004A913C92DA ] snapman C:\Windows\system32\DRIVERS\snapman.sys
18:01:08.0659 2176 snapman - ok
18:01:08.0659 2176 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:01:08.0675 2176 SNMPTRAP - ok
18:01:08.0690 2176 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
18:01:08.0690 2176 Sony Ericsson PCCompanion - ok
18:01:08.0690 2176 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:01:08.0706 2176 spldr - ok
18:01:08.0721 2176 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:01:08.0737 2176 Spooler - ok
18:01:08.0768 2176 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:01:08.0846 2176 sppsvc - ok
18:01:08.0862 2176 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:01:08.0877 2176 sppuinotify - ok
18:01:08.0893 2176 sptd - ok
18:01:08.0893 2176 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:01:08.0909 2176 srv - ok
18:01:08.0924 2176 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:01:08.0940 2176 srv2 - ok
18:01:08.0955 2176 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:01:08.0955 2176 srvnet - ok
18:01:08.0971 2176 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:01:09.0002 2176 SSDPSRV - ok
18:01:09.0002 2176 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:01:09.0033 2176 SstpSvc - ok
18:01:09.0033 2176 Steam Client Service - ok
18:01:09.0033 2176 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:01:09.0049 2176 Stereo Service - ok
18:01:09.0065 2176 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:01:09.0065 2176 stexstor - ok
18:01:09.0080 2176 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:01:09.0096 2176 stisvc - ok
18:01:09.0111 2176 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:01:09.0111 2176 storflt - ok
18:01:09.0111 2176 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:01:09.0127 2176 storvsc - ok
18:01:09.0127 2176 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:01:09.0143 2176 swenum - ok
18:01:09.0143 2176 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:01:09.0174 2176 swprv - ok
18:01:09.0252 2176 [ 10196D1696B0B18168AD7FCDB8488F60 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
18:01:09.0345 2176 syncagentsrv - ok
18:01:09.0345 2176 Synth3dVsc - ok
18:01:09.0377 2176 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:01:09.0408 2176 SysMain - ok
18:01:09.0408 2176 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:01:09.0423 2176 TabletInputService - ok
18:01:09.0439 2176 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:01:09.0470 2176 TapiSrv - ok
18:01:09.0470 2176 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:01:09.0501 2176 TBS - ok
18:01:09.0517 2176 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:01:09.0564 2176 Tcpip - ok
18:01:09.0579 2176 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:01:09.0611 2176 TCPIP6 - ok
18:01:09.0626 2176 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:01:09.0626 2176 tcpipreg - ok
18:01:09.0642 2176 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:01:09.0642 2176 TDPIPE - ok
18:01:09.0673 2176 [ 7BC43335C778370FD0040D5224D8EDEB ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
18:01:09.0720 2176 tdrpman - ok
18:01:09.0720 2176 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:01:09.0720 2176 TDTCP - ok
18:01:09.0735 2176 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:01:09.0751 2176 tdx - ok
18:01:09.0767 2176 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:01:09.0767 2176 TermDD - ok
18:01:09.0782 2176 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:01:09.0813 2176 TermService - ok
18:01:09.0813 2176 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:01:09.0829 2176 Themes - ok
18:01:09.0845 2176 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:01:09.0860 2176 THREADORDER - ok
18:01:09.0891 2176 [ FE95379561B6554611F47E29F48EE931 ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
18:01:09.0891 2176 tifsfilter - ok
18:01:09.0907 2176 [ 7D68EAB50DF8B71408B645BA8581800E ] timounter C:\Windows\system32\DRIVERS\timntr.sys
18:01:09.0923 2176 timounter - ok
18:01:09.0938 2176 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:01:09.0969 2176 TrkWks - ok
18:01:09.0969 2176 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:01:10.0001 2176 TrustedInstaller - ok
18:01:10.0001 2176 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:01:10.0032 2176 tssecsrv - ok
18:01:10.0032 2176 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:01:10.0047 2176 TsUsbFlt - ok
18:01:10.0047 2176 tsusbhub - ok
18:01:10.0079 2176 [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
18:01:10.0125 2176 TuneUp.UtilitiesSvc - ok
18:01:10.0125 2176 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
18:01:10.0141 2176 TuneUpUtilitiesDrv - ok
18:01:10.0141 2176 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:01:10.0172 2176 tunnel - ok
18:01:10.0172 2176 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:01:10.0188 2176 uagp35 - ok
18:01:10.0188 2176 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:01:10.0219 2176 udfs - ok
18:01:10.0235 2176 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:01:10.0235 2176 UI0Detect - ok
18:01:10.0250 2176 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:01:10.0250 2176 uliagpkx - ok
18:01:10.0250 2176 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:01:10.0266 2176 umbus - ok
18:01:10.0266 2176 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:01:10.0281 2176 UmPass - ok
18:01:10.0281 2176 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:01:10.0297 2176 UmRdpService - ok
18:01:10.0313 2176 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:01:10.0344 2176 upnphost - ok
18:01:10.0344 2176 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:01:10.0359 2176 usbaudio - ok
18:01:10.0359 2176 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:01:10.0375 2176 usbccgp - ok
18:01:10.0375 2176 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:01:10.0391 2176 usbcir - ok
18:01:10.0391 2176 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:01:10.0406 2176 usbehci - ok
18:01:10.0406 2176 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:01:10.0422 2176 usbhub - ok
18:01:10.0437 2176 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:01:10.0437 2176 usbohci - ok
18:01:10.0453 2176 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:01:10.0453 2176 usbprint - ok
18:01:10.0469 2176 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:01:10.0469 2176 USBSTOR - ok
18:01:10.0484 2176 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:01:10.0484 2176 usbuhci - ok
18:01:10.0500 2176 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:01:10.0515 2176 usbvideo - ok
18:01:10.0515 2176 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:01:10.0547 2176 UxSms - ok
18:01:10.0547 2176 [ CC3A994F4733FF4CD8CAF09DF892E61C ] UxTuneUp C:\Windows\System32\uxtuneup.dll
18:01:10.0562 2176 UxTuneUp - ok
18:01:10.0562 2176 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:01:10.0562 2176 VaultSvc - ok
18:01:10.0578 2176 VComm - ok
18:01:10.0578 2176 VcommMgr - ok
18:01:10.0578 2176 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:01:10.0593 2176 vdrvroot - ok
18:01:10.0593 2176 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:01:10.0640 2176 vds - ok
18:01:10.0640 2176 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:01:10.0656 2176 vga - ok
18:01:10.0656 2176 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:01:10.0687 2176 VgaSave - ok
18:01:10.0687 2176 VGPU - ok
18:01:10.0687 2176 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:01:10.0703 2176 vhdmp - ok
18:01:10.0703 2176 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:01:10.0718 2176 viaide - ok
18:01:10.0718 2176 [ ACBCBD8421920D20F1F40B6F76A4C213 ] vididr C:\Windows\system32\DRIVERS\vididr.sys
18:01:10.0734 2176 vididr - ok
18:01:10.0734 2176 [ 905DD422D28A32FACE8AE695B3823843 ] vidsflt67 C:\Windows\system32\DRIVERS\vsflt67.sys
18:01:10.0749 2176 vidsflt67 - ok
18:01:10.0749 2176 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:01:10.0765 2176 vmbus - ok
18:01:10.0765 2176 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:01:10.0781 2176 VMBusHID - ok
18:01:10.0781 2176 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:01:10.0796 2176 volmgr - ok
18:01:10.0796 2176 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:01:10.0812 2176 volmgrx - ok
18:01:10.0827 2176 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:01:10.0843 2176 volsnap - ok
18:01:10.0843 2176 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:01:10.0859 2176 vsmraid - ok
18:01:10.0874 2176 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:01:10.0921 2176 VSS - ok
18:01:10.0921 2176 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:01:10.0937 2176 vwifibus - ok
18:01:10.0952 2176 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:01:10.0983 2176 W32Time - ok
18:01:10.0983 2176 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:01:10.0999 2176 WacomPen - ok
18:01:10.0999 2176 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:01:11.0030 2176 WANARP - ok
18:01:11.0030 2176 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:01:11.0061 2176 Wanarpv6 - ok
18:01:11.0077 2176 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:01:11.0108 2176 wbengine - ok
18:01:11.0124 2176 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:01:11.0139 2176 WbioSrvc - ok
18:01:11.0139 2176 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:01:11.0155 2176 wcncsvc - ok
18:01:11.0171 2176 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:01:11.0171 2176 WcsPlugInService - ok
18:01:11.0186 2176 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:01:11.0186 2176 Wd - ok
18:01:11.0202 2176 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:01:11.0217 2176 Wdf01000 - ok
18:01:11.0233 2176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:01:11.0264 2176 WdiServiceHost - ok
18:01:11.0264 2176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:01:11.0280 2176 WdiSystemHost - ok
18:01:11.0295 2176 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:01:11.0311 2176 WebClient - ok
18:01:11.0311 2176 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:01:11.0327 2176 Wecsvc - ok
18:01:11.0327 2176 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:01:11.0358 2176 wercplsupport - ok
18:01:11.0358 2176 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:01:11.0389 2176 WerSvc - ok
18:01:11.0389 2176 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:01:11.0420 2176 WfpLwf - ok
18:01:11.0420 2176 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:01:11.0436 2176 WIMMount - ok
18:01:11.0436 2176 WinDefend - ok
18:01:11.0451 2176 WinHttpAutoProxySvc - ok
18:01:11.0467 2176 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:01:11.0467 2176 Winmgmt - ok
18:01:11.0514 2176 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
18:01:11.0561 2176 WinRM - ok
18:01:11.0561 2176 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:01:11.0576 2176 WinUsb - ok
18:01:11.0592 2176 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:01:11.0623 2176 Wlansvc - ok
18:01:11.0623 2176 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:01:11.0623 2176 WmiAcpi - ok
18:01:11.0639 2176 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:01:11.0654 2176 wmiApSrv - ok
18:01:11.0654 2176 WMPNetworkSvc - ok
18:01:11.0654 2176 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:01:11.0670 2176 WPCSvc - ok
18:01:11.0685 2176 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:01:11.0701 2176 WPDBusEnum - ok
18:01:11.0701 2176 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:01:11.0732 2176 ws2ifsl - ok
18:01:11.0732 2176 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:01:11.0748 2176 wscsvc - ok
18:01:11.0748 2176 WSearch - ok
18:01:11.0779 2176 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:01:11.0826 2176 wuauserv - ok
18:01:11.0841 2176 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:01:11.0841 2176 WudfPf - ok
18:01:11.0857 2176 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:01:11.0873 2176 WUDFRd - ok
18:01:11.0873 2176 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:01:11.0888 2176 wudfsvc - ok
18:01:11.0888 2176 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:01:11.0904 2176 WwanSvc - ok
18:01:11.0919 2176 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
18:01:11.0919 2176 xusb21 - ok
18:01:11.0935 2176 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:01:11.0951 2176 yukonw7 - ok
18:01:11.0966 2176 ================ Scan global ===============================
18:01:11.0966 2176 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:01:11.0982 2176 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:01:11.0982 2176 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:01:11.0982 2176 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:01:11.0997 2176 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:01:11.0997 2176 [Global] - ok
18:01:11.0997 2176 ================ Scan MBR ==================================
18:01:11.0997 2176 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:01:12.0107 2176 \Device\Harddisk0\DR0 - ok
18:01:12.0107 2176 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:01:12.0169 2176 \Device\Harddisk1\DR1 - ok
18:01:12.0185 2176 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
18:01:12.0231 2176 \Device\Harddisk2\DR2 - ok
18:01:12.0231 2176 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
18:01:12.0278 2176 \Device\Harddisk3\DR3 - ok
18:01:12.0278 2176 ================ Scan VBR ==================================
18:01:12.0294 2176 [ BF7964145219FE01CCD76DD624AD9404 ] \Device\Harddisk0\DR0\Partition1
18:01:12.0294 2176 \Device\Harddisk0\DR0\Partition1 - ok
18:01:12.0294 2176 [ B14F8D23238C96BB64E6D53CED7D1D6D ] \Device\Harddisk0\DR0\Partition2
18:01:12.0294 2176 \Device\Harddisk0\DR0\Partition2 - ok
18:01:12.0294 2176 [ 4ED49B4999133C8E041A6046D20693B3 ] \Device\Harddisk1\DR1\Partition1
18:01:12.0294 2176 \Device\Harddisk1\DR1\Partition1 - ok
18:01:12.0325 2176 [ D0E01C6125D1720207055083B0E994C7 ] \Device\Harddisk2\DR2\Partition1
18:01:12.0325 2176 \Device\Harddisk2\DR2\Partition1 - ok
18:01:12.0325 2176 [ EB41E9A9D78C99371AB962B884802EAE ] \Device\Harddisk3\DR3\Partition1
18:01:12.0325 2176 \Device\Harddisk3\DR3\Partition1 - ok
18:01:12.0325 2176 ============================================================
18:01:12.0325 2176 Scan finished
18:01:12.0325 2176 ============================================================
18:01:12.0325 5276 Detected object count: 2
18:01:12.0325 5276 Actual detected object count: 2
18:01:18.0362 5276 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:18.0362 5276 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:01:18.0362 5276 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:18.0362 5276 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von isnogud (23.03.2013 um 18:54 Uhr) |
|
23.03.2013, 20:36
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck |
|
24.03.2013, 19:01
| #7 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Cosinus, habe den Combofix ausgeführt. Jedoch waren dabei Spybot S&D und der Windows Defender aktiv. Spybot hatte ich eigentlich in der Taskleiste beendet, fand keine weitere Deaktivierungsmöglichkeit. Combofix hatte zu Anfang den Hinweis zu SS&D gegeben, dann aber weiter gefixt, als ich den Combofix schließen wollte. Den Defender hatte ich übersehen. Alles lief ohne Meldungen ab und danach habe ich Neu gestartet, auch ohne (Fehler)Meldung. Firefox hatte dann wieder gefragt, ob ich ihn als Standard nutzen will. TuneUp meldet: Die Administrative Freigaben sind wieder aktiviert. Vorher deaktiviert. Was wurde denn nun gefixt? Das Explorer Problem besteht leider noch. Soll ich erneut den Combofix ausführen ohne SS&D und WD? Wie steht es denn um mein System nach den ganzen Logs? Schritt 7 Combofix Code:
ATTFilter ComboFix 13-03-24.03 - OXOMOXO 24.03.2013 18:03:34.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.6135.3445 [GMT 1:00]
ausgeführt von:: d:\1st d o w n l o a d s\1-P R O G R A M M S\_Trojaner_Board_\7.Schritt\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\SETACD6.tmp
c:\windows\SysWow64\SETBBBB.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-24 bis 2013-03-24 ))))))))))))))))))))))))))))))
.
.
2013-03-24 17:10 . 2013-03-24 17:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-24 17:10 . 2013-03-24 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-24 17:06 . 2013-03-24 17:06 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CD1889F-4988-4F62-AAF4-2AA5093F9FCE}\offreg.dll
2013-03-23 16:02 . 2013-03-23 16:02 -------- d-----w- c:\programdata\Malwarebytes
2013-03-22 21:08 . 2013-03-22 21:08 -------- d-----w- c:\users\OXOMOXO\AppData\Local\IsolatedStorage
2013-03-22 21:08 . 2013-03-22 21:08 -------- d-----w- c:\users\OXOMOXO\AppData\Local\Futuremark
2013-03-22 14:26 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CD1889F-4988-4F62-AAF4-2AA5093F9FCE}\mpengine.dll
2013-03-16 15:53 . 2013-03-18 16:24 -------- d-----w- c:\users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
2013-03-16 15:49 . 2013-03-16 15:57 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-14 18:59 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-11 21:41 . 2013-03-11 21:41 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-11 21:41 . 2013-03-11 21:41 -------- d-----w- c:\program files (x86)\Java
2013-03-07 22:15 . 2013-03-07 22:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-07 22:15 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-03-07 22:15 . 2013-03-07 22:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-07 18:56 . 2013-03-07 18:56 -------- d-----w- c:\users\OXOMOXO\AppData\Local\REINER SCT
2013-03-07 18:53 . 2013-03-07 18:53 -------- d-----w- c:\program files (x86)\REINER SCT
2013-02-25 23:32 . 2013-02-25 23:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 18:44 . 2011-07-21 01:55 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-11 21:41 . 2011-12-24 21:14 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-11 21:41 . 2011-10-08 23:17 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-05 15:03 . 2012-11-22 20:24 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 15:03 . 2012-11-22 20:24 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-25 23:32 . 2012-05-23 00:34 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2012-03-13 20:11 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 23:32 . 2012-03-13 20:11 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-03-13 20:11 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 23:32 . 2012-10-10 19:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2012-03-13 20:11 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 23:32 . 2012-05-23 00:34 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-18 08:22 . 2013-02-18 08:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2012-04-20 14:24 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-13 18:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:33 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:33 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-28 13:19 . 2012-12-24 16:33 35104 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-28 13:19 . 2013-02-08 18:27 37664 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-28 13:19 . 2013-02-08 18:27 29984 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-01-28 13:19 . 2012-12-24 16:33 26400 ----a-w- c:\windows\system32\authuitu.dll
2013-01-28 13:19 . 2012-12-24 16:33 21792 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-01-23 20:09 . 2011-12-24 21:16 1081760 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-23 20:09 . 2011-07-21 03:51 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-18 15:00 . 2012-03-13 20:13 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-03-13 20:13 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-04-20 13:54 2953448 ----a-w- c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2012-03-13 20:13 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-03-13 20:13 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-03-13 20:13 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-03-13 20:13 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 07:15 . 2013-01-18 07:15 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-01-17 00:28 . 2011-07-21 01:51 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 18:52 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 18:52 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 18:52 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 18:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 18:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 18:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 18:52 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 18:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 18:52 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 18:52 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 18:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 18:52 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 18:52 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Password Depot"="c:\program files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe" [2013-02-26 8347272]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-02-25 5655832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-27 1173680]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-16 356376]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe"
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTimounterMonitor"=c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
"AVMWlanClient"=c:\program files (x86)\avmwlanstick\wlangui.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-17 49152]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-08-26 34440]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 714368]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 30344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2155848]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5924712]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-08-26 24840]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-06-16 137312]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-06-16 211552]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-31 146528]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-16 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-31 3491792]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-28 2402080]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-08-31 367200]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-30 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-30 29528]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-28 36720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-22 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 403656]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = fritz.box
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr
FF - prefs.js: network.proxy.http - 193.27.209.200
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-24 17:52; jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack; c:\users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-24 18:22:17
ComboFix-quarantined-files.txt 2013-03-24 17:22
.
Vor Suchlauf: 10 Verzeichnis(se), 17.748.099.072 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 16.791.711.744 Bytes frei
.
- - End Of File - - 0AC4C8076A7CB5F13175C7E7C518ACCE
|
|
25.03.2013, 15:19
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2013, 22:44
| #9 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Cosinus, hier nun die Logfiles der nächsten Schritte. Soll bei den Scans auch die Internetverbindung getrennt sein? Schritt 8 Junkware Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Ultimate x64
Ran by OXOMOXO on 25.03.2013 at 22:08:15,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\OXOMOXO\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\OXOMOXO\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\OXOMOXO\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
~~~ FireFox
Successfully deleted: [File] C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\user.js
Successfully deleted: [File] "C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi"
Successfully deleted: [Folder] C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\smartbar
Successfully deleted the following from C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\prefs.js
user_pref("CT2269050.1000082.currentList", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18:8082\",\"description\":\"Hotmix 108\",\"text\":\"Hotmix 108\",\"type\":\
user_pref("CT2269050.1000082.isPlayDisplay", "true");
user_pref("CT2269050.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\",\"description\":\"Radio 8\",\"text\":\"Radio 8\",\"typ
user_pref("CT2269050.1000082.nowPlaying", "{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18:8082\",\"description\":\"Hotmix 108\",\"text\":\"Hotmix 108\",\"type\":\"S
user_pref("CT2269050.1000082.publisherStations", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18:8082\",\"description\":\"Hotmix 108\",\"text\":\"Hotmix 108\",\"ty
user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT2269050.1000234.TWC_TMP_city", "");
user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.autoDisableScopes", -1);
user_pref("CT2269050.defaultSearch", "FALSE");
user_pref("CT2269050.defaultSearchDisplayName", "");
user_pref("CT2269050.defaultSearchUrl", "");
user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2269050.enableAlerts", "always");
user_pref("CT2269050.enableFix404", "");
user_pref("CT2269050.enableSearchFromAddressBar", "");
user_pref("CT2269050.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.installId", "");
user_pref("CT2269050.installType", "");
user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT2269050.openThankYouPage", "FALSE");
user_pref("CT2269050.openUninstallPage", "FALSE");
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", "0");
user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1333804324250");
user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1333804327753");
user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1333804323494");
user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1333804326805");
user_pref("CT2269050.serviceLayer_services_login_10.7.1.62_lastUpdate", "1333804327721");
user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1333804323684");
user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1333804325342");
user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1333804323025");
user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1333804322525");
user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1333804324399");
user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1333804322998");
user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1333804323639");
user_pref("CT2269050.settingsINI", true);
user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
user_pref("CT2269050.smartbar.CTID", "CT2269050");
user_pref("CT2269050.smartbar.Uninstall", "0");
user_pref("CT2269050.smartbar.isHidden", false);
user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
user_pref("CT2269050.smartbar.userID", "UN99569547235419747");
user_pref("CT2269050.startPage", "FALSE");
user_pref("CT2269050.toolbarBornServerTime", "7-4-2012");
user_pref("CT2269050.toolbarCurrentServerTime", "7-4-2012");
user_pref("browser.newtabpage.blocked", "{\"9Rh3/cjLplxjC9ujcPSs+A==\":1,\"9SEkiyIPTGY5dgLIvoMzPw==\":1,\"BgtHR0Pfekm6tCPTfPjCfQ==\":1,\"q7CibMEP4IPaxSGLxagUvA==\":1,\"pNAH+f7
user_pref("extensions.jid1-F9UJ2thwoAm5gQ@jetpack.install-event-fired", true);
Emptied folder: C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\minidumps [9 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2013 at 22:14:06,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 25/03/2013 um 22:16:38 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : OXOMOXO - OXOMOXO-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\9.Schritt\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\jetpack
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\prefs.js
Gelöscht : user_pref("CT2269050.1000082.currentList", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.[...]
Gelöscht : user_pref("CT2269050.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio[...]
Gelöscht : user_pref("CT2269050.1000082.nowPlaying", "{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18[...]
Gelöscht : user_pref("CT2269050.1000082.publisherStations", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.2[...]
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
*************************
AdwCleaner[S1].txt - [2899 octets] - [25/03/2013 22:16:38]
########## EOF - C:\AdwCleaner[S1].txt - [2959 octets] ##########
Code:
ATTFilter OTL logfile created on: 25.03.2013 22:24:33 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\10.Schritt 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,33 Gb Available Physical Memory | 72,22% Memory free 11,98 Gb Paging File | 10,25 Gb Available in Paging File | 85,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,21 Gb Total Space | 18,03 Gb Free Space | 15,13% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 128,69 Gb Free Space | 27,63% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 60,81 Gb Free Space | 6,53% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 153,52 Gb Free Space | 8,24% Space Free | Partition Type: NTFS Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\10.Schritt\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys () DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.) DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 08 42 BD 42 F2 CC 01 [binary data] IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{06147D0B-3E6D-4F2B-9E14-73283861B7B1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{3266822E-E7AC-4C78-8D31-B5C47706CED5}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{35EEE4DB-B189-452C-99FE-714F13F28999}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{6AEF6E0A-71D1-4D6F-B13F-3AE1249E62CC}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=&search={searchTerms} IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{96706323-4C6D-4ECA-B5A5-F54664802C08}: "URL" = hxxp://www.google.at/search?q={searchTerms} IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{B49B91C3-ECC9-410B-B47E-E11BDA4787BD}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms} IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr" FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: flashkiller%40joli.clic:1.3 FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8.1 FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.5.48.1 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.4.0 FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1211 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5 FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.7.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.http: "193.27.209.200" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2013.03.04 00:17:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M] [2011.07.21 06:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Extensions [2013.03.25 22:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions [2013.02.22 15:29:23 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.03.15 23:07:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.08.01 23:33:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.01.14 17:58:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2013.02.23 21:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.12.14 23:42:54 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com [2012.05.16 19:49:14 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\fb_add_on@avm.de [2013.03.03 15:25:40 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.03.05 18:36:15 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\anticontainer@downthemall.net.xpi [2011.07.22 10:56:05 | 000,120,125 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\dtaScheduler@forboden.com.xpi [2012.07.06 22:04:24 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\elemhidehelper@adblockplus.org.xpi [2013.02.23 16:26:05 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\firebug@software.joehewitt.com.xpi [2011.07.22 04:56:50 | 000,028,950 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\flashkiller@joli.clic.xpi [2013.02.10 14:10:53 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\stealthyextension@gmail.com.xpi [2013.01.29 17:31:23 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.03.23 17:12:34 | 000,349,484 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011.07.22 04:56:50 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.02.09 20:50:48 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi [2012.02.26 14:44:28 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2013.03.03 22:14:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.14 23:42:51 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.25 21:53:09 | 000,014,059 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013.02.14 11:45:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.29 20:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.09.15 15:54:58 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.03.02 15:27:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.12.11 18:26:03 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2011.07.22 10:58:38 | 000,001,632 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\firefox-add-ons.xml [2012.08.31 16:16:02 | 000,002,492 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\ixquick-https.xml [2011.07.22 10:58:26 | 000,004,140 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\youtube.xml [2013.03.08 22:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 22:27:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.04 00:17:30 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES (X86)\ACEBIT\PASSWORD DEPOT 6\FIREFOX [2012.12.20 21:03:42 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.03.08 22:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.01.10 20:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.10 20:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.10 20:08:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.10 20:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.10 20:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.10 20:08:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.24 18:10:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH) O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835 O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O15 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4D7B0E-AD50-43C6-9EDB-1996E49EC5B7}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D70B23B1-6204-418A-8226-B226FD078D91}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 22:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.25 22:07:50 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.24 18:22:32 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.24 18:02:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.24 18:02:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.24 18:02:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.24 18:02:31 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.24 17:59:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.24 17:59:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.23 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.22 22:08:44 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\IsolatedStorage [2013.03.22 22:08:44 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\Futuremark [2013.03.22 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\Documents\3DMark [2013.03.16 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite [2013.03.16 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.03.14 19:59:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.13 19:40:38 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 19:40:38 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.13 19:40:38 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.13 19:40:38 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.13 19:40:38 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 19:40:38 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.13 19:40:38 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 19:40:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.13 19:40:38 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 19:40:38 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.13 19:40:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.13 19:40:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.13 19:40:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.13 19:40:38 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.13 19:40:38 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 19:40:38 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.13 19:40:38 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.13 19:40:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.13 19:40:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.13 19:40:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.13 19:40:38 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 19:40:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.13 19:40:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.03.13 19:40:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.13 19:40:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.13 19:40:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.13 19:40:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.13 19:40:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.13 19:40:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.13 19:40:38 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.13 19:40:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.13 19:40:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 19:40:37 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 19:40:37 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.13 19:40:37 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.13 19:40:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 19:40:37 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.13 19:40:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 19:40:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 19:40:37 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 19:40:37 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.13 19:40:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.13 19:40:37 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.13 19:40:37 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 19:40:37 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.13 19:40:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.13 19:40:37 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 19:40:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.13 19:40:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.13 19:40:37 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.13 19:40:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.13 19:40:37 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.13 19:40:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.13 19:40:37 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.13 19:40:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 19:40:37 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.13 19:40:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.03.13 19:40:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.13 19:40:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.13 19:40:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.03.13 19:40:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.13 19:40:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.13 19:40:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.13 19:40:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.13 19:40:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.03.13 19:40:37 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.13 19:40:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.13 19:40:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.11 22:41:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.11 22:41:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.11 22:41:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.11 22:41:23 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.11 22:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.08 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.07 23:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.03.07 23:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.03.07 23:15:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.03.07 23:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.03.07 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\REINER SCT [2013.03.07 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REINER SCT [2013.03.03 13:29:23 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.03 13:29:23 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.03 13:29:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.03 13:29:23 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.03 13:29:21 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.03 13:29:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.03 13:29:20 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.03 13:29:20 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.03 13:29:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.03 13:29:20 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.03 13:29:20 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.03 13:29:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.03 13:29:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.03 13:29:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.03 13:29:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.03 13:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.03 13:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.03 13:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.03 13:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.03 13:29:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.03 13:29:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.03 13:29:19 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.03 13:29:19 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.03 13:29:19 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.03 13:29:19 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.03 13:29:19 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.03 13:29:19 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.03 13:29:19 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.03 13:29:19 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.03 13:29:19 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.03 13:29:19 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.03 13:29:19 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.03 13:29:19 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.26 00:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.26 00:32:42 | 015,129,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.26 00:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.26 00:32:38 | 018,055,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.26 00:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.26 00:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.26 00:32:36 | 000,958,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.02.26 00:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.26 00:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.26 00:32:32 | 000,245,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.26 00:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.26 00:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.26 00:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.26 00:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.26 00:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.26 00:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.26 00:32:04 | 000,201,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.25 22:19:27 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.25 22:19:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.25 21:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.25 21:47:41 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.25 21:47:41 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.25 21:47:41 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.25 21:47:41 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.25 21:47:41 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.25 21:45:51 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 21:45:51 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 18:10:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.21 19:21:16 | 000,000,000 | ---- | M] () -- C:\Users\OXOMOXO\defogger_reenable [2013.03.13 19:40:38 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 19:40:38 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.13 19:40:38 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.13 19:40:38 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.13 19:40:38 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 19:40:38 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.13 19:40:38 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 19:40:38 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.13 19:40:38 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 19:40:38 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.13 19:40:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.13 19:40:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.13 19:40:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.13 19:40:38 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.13 19:40:38 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 19:40:38 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.13 19:40:38 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.13 19:40:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.13 19:40:38 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.13 19:40:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.13 19:40:38 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 19:40:38 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.13 19:40:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.03.13 19:40:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.13 19:40:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.13 19:40:38 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.13 19:40:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.13 19:40:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.13 19:40:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.13 19:40:38 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.13 19:40:38 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.13 19:40:38 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.13 19:40:37 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 19:40:37 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 19:40:37 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.13 19:40:37 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.13 19:40:37 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 19:40:37 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.13 19:40:37 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 19:40:37 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 19:40:37 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 19:40:37 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.13 19:40:37 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.13 19:40:37 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.13 19:40:37 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 19:40:37 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.13 19:40:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.13 19:40:37 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 19:40:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.13 19:40:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.13 19:40:37 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.13 19:40:37 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.13 19:40:37 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.13 19:40:37 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.13 19:40:37 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.13 19:40:37 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 19:40:37 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.13 19:40:37 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.03.13 19:40:37 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.13 19:40:37 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.13 19:40:37 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.03.13 19:40:37 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.13 19:40:37 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.13 19:40:37 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.13 19:40:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.13 19:40:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.03.13 19:40:37 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.13 19:40:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.13 19:40:37 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.13 19:40:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.11 22:41:20 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.11 22:41:20 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.11 22:41:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.11 22:41:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.11 22:41:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.11 22:41:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 23:24:13 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.07 23:15:13 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.03.07 19:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2013.03.05 16:03:10 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.05 16:03:10 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.04 00:17:31 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk [2013.03.03 14:54:56 | 000,001,061 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.26 00:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.26 00:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.02.26 00:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.26 00:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.26 00:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.26 00:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.26 00:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2013.02.26 00:32:38 | 001,107,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.02.26 00:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.26 00:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.26 00:32:36 | 000,958,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.02.26 00:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.26 00:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.26 00:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2013.02.26 00:32:32 | 000,245,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.26 00:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.26 00:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.26 00:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.02.26 00:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.26 00:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.26 00:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.26 00:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.26 00:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.26 00:32:04 | 000,201,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.25 22:19:18 | 000,416,312 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.24 18:02:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.24 18:02:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.24 18:02:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.24 18:02:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.24 18:02:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.21 19:21:16 | 000,000,000 | ---- | C] () -- C:\Users\OXOMOXO\defogger_reenable [2013.03.13 19:40:38 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.13 19:40:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.07 23:15:13 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.03.07 23:15:13 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.03.07 19:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2012.06.19 17:45:09 | 000,004,096 | -H-- | C] () -- C:\Users\OXOMOXO\AppData\Local\keyfile3.drm [2012.02.23 23:53:04 | 000,003,584 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.18 02:23:17 | 000,007,641 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\Resmon.ResmonCfg [2011.10.08 23:05:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.08 23:05:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.27 13:29:02 | 000,017,408 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\WebpageIcons.db [2011.07.21 03:55:21 | 001,598,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
25.03.2013, 22:51
| #10 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck OTL Extras Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 22:24:33 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\10.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,33 Gb Available Physical Memory | 72,22% Memory free
11,98 Gb Paging File | 10,25 Gb Available in Paging File | 85,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 18,03 Gb Free Space | 15,13% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 128,69 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 60,81 Gb Free Space | 6,53% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,52 Gb Free Space | 8,24% Space Free | Partition Type: NTFS
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1C1AA-46B6-4A6A-A57B-773ABB67B316}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B35B5A4-04C9-4F53-BAE0-80F94BDA32DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1089ACE5-0CCD-4D11-8F23-4644EEB90C59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1D450791-D779-4B5C-95B7-5088A16A2DEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B7AD6D9-8652-4A49-B018-509CC3FCD9B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34A65425-95F4-456F-A0A7-C87C8FBA5073}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B5E083F-CFDD-43DD-BBAD-E58DA707661D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BB8A7B9-CF0B-4371-BC4E-A4715C9CDBC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E5631B1-99C2-4BDC-AD2E-C37B1ECDA0EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{576ECA21-1C46-4B74-9116-80E21302E766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6037C601-55B2-4AD7-8C92-9B0F0A894CF3}" = rport=137 | protocol=17 | dir=out | app=system |
"{603CAD2D-429F-48BD-972F-1427FE3BECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68F918A2-F7F4-4741-B0E4-E9ED7A997011}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87198B0D-E93E-4E80-9499-415A95ABEFA2}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F5BAC88-D2C2-4C28-8DCF-6624F56C12A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99111059-5DAD-483B-B5CC-0B5DA5EC3AA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE0A8CBB-3BC7-4A5C-9317-740151C2675F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1563398-039F-4A23-BF87-E0B177F26DA1}" = rport=139 | protocol=6 | dir=out | app=system |
"{CD05E012-345A-4BE8-BE12-5CFC1A514F17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CE64A1AB-6E74-4368-A3D1-371E0BC8249F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7062837-CB90-40C3-BF61-09DB7C665F13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E73EE358-F6C8-4C23-98D7-75F05B954C59}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC97A9-1044-49D6-A8B8-4AD5CA24548B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe |
"{034EA0EA-15EC-4713-A7BE-6C56F5F19624}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe |
"{03824658-E6E2-4F3C-B88E-902F32CD7C42}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe |
"{065276C8-0B29-4943-8CB0-9CF77252DA4A}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe |
"{074D4541-AAA1-46DC-89AE-D14B0636323F}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{08B29CBC-2EA3-4CDD-B0CD-1C2EB1B5F6DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A8E9838-8429-46FE-8CAC-A2F0E892E18C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BD4D823-62DC-4D6D-9597-92AFBDB4D39B}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklauncher.exe |
"{0E1CB3BE-3C2D-43B5-8BAC-BEBF14BB994D}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe |
"{0E96AD09-83A9-48EF-8A97-9087BF8B7877}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe |
"{114EDCEE-9B6A-44DC-9F32-8B3A1E6FD820}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe |
"{13EDB007-FEF7-4A32-8721-8ED09F72BF2C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{14BD77B6-C51E-4DAE-BB87-EE0F48D2F0F1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64_steam_beta\3dmark.exe |
"{14D8592F-B92A-434D-9B7C-1F8B05386268}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1589933C-91E3-46F7-A405-DB97CEC695BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe |
"{17F38B1E-46CB-4EEB-A6BD-CF007D065DC7}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklauncher.exe |
"{196B796F-1855-4D67-AFBC-1718487CF7A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{19F103EA-469D-41BB-A840-25C00327DAF7}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{1C336387-FD25-4C99-AF75-D9D00D20C212}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{1D0D58FE-8761-42B7-AF86-97D32002356B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{1D4A32D1-8E88-435F-854F-D7065144712B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{204FA3F0-2C5B-4AB6-8EA9-64CF95936255}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{2458B340-DF35-4331-B311-ACA81B79CBD6}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe |
"{24E1908C-3BC4-4352-AE78-A3F45EF5604C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe |
"{29A5FDAB-E5BC-43EA-87A6-0553AB99928B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{29A73764-3868-4BAF-9323-24C4095D1265}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe |
"{2C9F2368-E4E1-48D8-B681-D8C4DB5B3441}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe |
"{2EAE3536-12C1-4A89-B538-1FFDD514460D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe |
"{34378499-5CEA-43E9-9F40-606224B0E0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{34901DEE-A30A-480A-8DAD-F3B09492F62A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{35AFC599-C634-4421-A07F-4FBE4A800186}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37566264-3092-4727-900E-C0EB5126F31C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe |
"{38EB59C9-F2B5-4DCD-A006-FA584382D73F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3CB0939E-632A-44AD-857E-5BAA9E7DB73F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{3E483AB0-C0A9-4216-851C-1989F8AA8DD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{42EBE8E2-DD81-4A05-A17E-97BA119788F3}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe |
"{450D6BC3-A6D2-45D7-85E5-3B1BDF7F765F}" = protocol=6 | dir=out | app=system |
"{4731A120-FF47-4E01-8BC4-6063788FFE4C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe |
"{4799BCAD-3746-47EA-BD7E-428AD71AF188}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{49083415-26B0-4226-955E-E4F6FDA8A5E3}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe |
"{4D2B2A59-43D9-46E6-A9AC-149009BDE9F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe |
"{4EE63132-9DAB-4D57-9B4E-AE74AFD7C177}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklaunchersteambeta.exe |
"{4F84E32B-BD66-489A-8B39-B5D04F7E7771}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe |
"{51C255D0-C33E-4323-864B-C6A6D9B89581}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{52823517-651C-456A-9164-D84048B69631}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe |
"{54D5AC0A-D788-4759-8D36-62799DD0F67D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57463554-8171-42E1-A198-5E8C285AFA15}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{57BD2394-52C6-459E-B3CE-2BED1EA18A7E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{58683A6E-F45B-462F-B8DF-A63DB020BD2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5A603016-DD13-464B-B423-EA44763351C1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat |
"{5CC6B97A-E0FA-428E-BD5E-7C56EDF110D9}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe |
"{60F8EFA2-59E9-40DD-BC28-9E433FBC2F4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67E7AB61-7257-443D-AC64-8E15B88A0ABA}" = protocol=6 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B53DDB6-8DDC-455B-A270-E9AF610E32A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AD076F7-2189-4680-A788-37B5832183A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7CADE6DD-4C93-45B5-9440-8D8908EF431E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86\3dmark.exe |
"{7EC169F4-29AB-4504-A0CC-3133583A1EC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80CFFBB7-911D-4A9F-86FB-BDBB9586A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{85247B4F-F44C-4CFD-BB0D-54D25B62DF18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86A3EA29-C803-428C-BE37-6BFE1A1A9280}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{8A19CC0D-20B7-47F3-8386-103530C13402}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe |
"{8BFED094-135D-47BA-A95E-C8D4CBA3FDEA}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe |
"{8DD69384-FB54-47C8-A36B-86BA6C8AC5E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe |
"{8E16E3A7-6091-4ACE-A43F-97C988CE5D24}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe |
"{8E3D0785-F43B-456F-ABA1-E405734AE253}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklaunchersteambeta.exe |
"{9230FE4E-EB73-43F3-8830-79D109EC8151}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe |
"{92766F9D-07D8-4E4D-BDD7-98FCA29981F8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe |
"{937751A1-B3E3-4F5F-BCFD-02555D97B3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9AA8775A-B12D-41BE-858D-0B73480453CE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe |
"{9BA55D57-F796-4328-87B9-5A14EB7BFEF1}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe |
"{9C12345E-7506-4FCD-B388-DB06A6A78826}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe |
"{9DDA1620-300E-43FE-8A8D-9ED4E1F88675}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe |
"{9EFBF356-6798-430F-90BF-1362F483C089}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe |
"{9F5795BA-9B2B-4636-8A94-658C08F79BEB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe |
"{A019B2A6-B6B9-4C2A-A4F7-E92A91BF3105}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A60A456A-BC8A-456A-8AF1-6E2C93D1BF8E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86_steam_beta\3dmark.exe |
"{A73AEB97-7971-403D-B953-90D6D6D81FC2}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe |
"{B0691EC9-7F09-4294-873E-B8EC7AC08CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B3C09AE2-9498-4217-9695-4F172BE504E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe |
"{B3E08893-0775-49FB-AEB0-262DD76E712A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B644451C-6D78-4402-9DEF-113ACBAF8597}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{B760BE85-4423-46A1-85FC-1313508AB57F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{B8219290-2744-4635-813A-98CAC2DBEC13}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe |
"{B9B1B8BA-2D95-4368-889A-933B9582C51C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe |
"{BDB4308B-8BA3-4E08-B054-98D76BEF6FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{BE60EBB5-A092-464C-BF80-8E9BCB311255}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64\3dmark.exe |
"{C009661E-1C8D-4051-B31E-CBF8A11A79AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{C1C4A689-2E4E-4C17-B27D-AB6553173865}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C36AF29B-70F4-4452-A8E8-AF409BA43799}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe |
"{C3700B4E-A6C1-467D-9BF6-4290CC285295}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat |
"{C5881EE9-68F9-4663-A3BF-0D81186C2279}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64_steam_beta\3dmark.exe |
"{C6AF522A-5431-4ACC-A79C-3E5340635994}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe |
"{C9C26E99-F066-4719-965B-69533C77F328}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{CA7CDCD9-DDCB-4BBD-925A-2F7D122BFEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{CAAFB741-B900-4BEF-9A3C-1DD7F7D79E4D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe |
"{CB9BC41E-97B3-4EE4-92CA-9ABED9F04457}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe |
"{CB9D580C-7743-4EC6-A787-9C1C1F568B66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CC2A9358-6F22-4010-9A89-72EB98243142}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe |
"{CD12063E-3A8D-4922-A73F-FC2ED4250A8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDDD53F7-B9C3-474C-8009-1FB7B2DFA25B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86\3dmark.exe |
"{CE12D7BD-E112-4490-AB7C-38C85E074B0D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe |
"{CE2520BC-C012-426D-AC91-626EE16B7E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D530C5C4-AF60-4291-9930-C8BB5A3DF1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6C24D9F-08CB-4896-B086-999BA011CB28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6D32F6E-7F14-4627-88CE-6251325CF5E8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{DCB1F359-1063-45E8-920C-9C4B108C7941}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe |
"{DD351889-6709-469F-9475-888762BCD803}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe |
"{DDC8B000-68AD-4961-B310-04F469C5FE22}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe |
"{E014BCCE-4E00-4298-8175-A36201445553}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe |
"{E3804C2E-3366-4BE6-862B-26DC54018D29}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86_steam_beta\3dmark.exe |
"{E61EE88F-B237-4AD1-A6DA-DF1D73AFDAEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EB5F3FDE-4C9B-46A4-ABB4-D74D8DBB2AFB}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64\3dmark.exe |
"{EDFDA0DE-B54F-4A09-B724-E3E1F1A2B170}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe |
"{EFF71173-3810-46F0-89E3-1F2EB9BDCC9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F04E3C45-E53F-4CEC-BF2F-DB8ADF3FA4DC}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe |
"{F59ABE4E-84BE-4240-B586-CA1FB95EF765}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{FAF2ED6D-8037-40C4-BDD2-430312E54A8E}" = protocol=17 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB2F82B8-DA2E-44F3-96F8-340ECB97C5E0}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe |
"{FB3A49CB-D3DC-4DAE-AB27-7CCA5038C185}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE69E48-0B7C-492E-B11A-72FC1B89CA0F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe |
"TCP Query User{5088C0B5-6189-41F2-9F74-0EBF6F1233E7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{E21B7AA9-140A-44BD-A5F1-F74A6136AC08}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.30
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-65fdd504-e7d5-463d-b80d-d2087eb2a27b" = My Game Long Name
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFAA49C-2B1D-4808-B43A-4AAFF0475B04}" = Plus Pack für Acronis True Image Home 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"A2ACR Data cache removal" = ARMA 2 Army of The Czech Republic - Data cache removal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"Anti-Twin 2011-07-23 03.08.03" = Anti-Twin (Installation 23.07.2011)
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Endless City" = NVIDIA Endless City demo
"ESN Sonar-0.70.0" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"Free Studio_is1" = Free Studio version 5.7.7.1031
"FreePDF_XP" = FreePDF (Remove only)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"ITN Converter_is1" = ITN Converter 1.78
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neolog_is1" = Neolog 1.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"PreSonus Studio One 2" = PreSonus Studio One 2
"PS3 Media Server" = PS3 Media Server
"Steam App 100410" = CameraBag 2
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 107900" = War Inc. Battlezone
"Steam App 113420" = Fallen Earth
"Steam App 12900" = Audiosurf
"Steam App 13140" = America's Army 3
"Steam App 13520" = Far Cry
"Steam App 17410" = Mirror's Edge
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 203850" = Microsoft Flight
"Steam App 205230" = Hell Yeah!
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 214850" = GameMaker: Studio
"Steam App 218230" = PlanetSide 2
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 221080" = District 187
"Steam App 231350" = 3DMark Demo
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38830" = CrimeCraft GangWars
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Winamp" = Winamp
"XnView_is1" = XnView 1.99.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 25.03.2013 17:19:39 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
Wie geht es weiter? |
|
25.03.2013, 23:26
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.03.2013, 13:10
| #12 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Cosinus, die 2 Scans habe ich erledigt. Dauerte etwas länger bei ca. 7TB. Wenn alles OK ist, sind wir dann fertig mit den Scans? Können wir noch versuchen den PC evtl. sicherer zu konfigurieren? Schritt 11 Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.26.14 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 OXOMOXO :: OXOMOXO-PC [Administrator] Schutz: Aktiviert 26.03.2013 23:16:03 mbam-log-2013-03-26 (23-16-03).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 235618 Laufzeit: 1 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
|
|
30.03.2013, 01:07
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Mit dem ESET-Log stimmt etwas nicht. Hast du ESET als Admin ausgeführt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.03.2013, 15:30
| #14 |
| | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Hallo Cosinus, habe den ESET Scan noch einmal durchgeführt. Ein paar externe HDDs habe ich weggelassen. Mein Problem mit dem Explorer besteht noch. Im www werde ich nicht weiter schlau daraus. Da gibt es zu viele Probleme. Kannst du mir dabei helfen? Schritt 12 ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=247c10f8daf5a646b65d9d50fbe2441a
# engine=13517
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-30 03:21:29
# local_time=2013-03-30 04:21:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 63523 19426811 0 0
# compatibility_mode=5893 16776573 100 94 62718 116286739 0 0
# scanned=469095
# found=0
# cleaned=0
# scan_time=9315
|
|
01.04.2013, 14:58
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck Ok, bitte nochmal zur Sicherheit den Malwarebyts Quickscan widerholen, vorher aber bitte die Signaturen aktualisieren.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer Absturz // Kompletter Systemcheck |
| absturz, adobe reader xi, computer, ebanking, explorer, install.exe, internet security 2013, intranet, jdownloader, kaspersky internet security 2013, launch, ntdll.dll, plug-in, safer networking, scan, shell32.dll, systemcheck, trojaner-board, win32k.sys, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
