| |
| |||||||
Log-Analyse und Auswertung: Infizierung mit Sirefef.AHWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.01.2013, 00:38
| #1 |
 |  Infizierung mit Sirefef.AH Hallo Trojaner-Board hab heute ne Meldung von Avira bekommen Sirefef gefunden ... auf entfernen geklickt danach hing der Desktop ne Weile und danach ging ein Fenster der Benutzerkontensteuerung auf und wollte ein Flashplayer update installieren hab denn laut Anleitung den defogger gestartet ... der Restart danach dauerte ne gefühlte Ewigkeit denn OTL durchlaufen lassen gmer ist mir abgestürzt danach ging Firefox nicht mehr mbam läuft noch OTL.TXT Code:
ATTFilter OTL logfile created on: 1/13/2013 11:10:45 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cak\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.41% Memory free 8.17 Gb Paging File | 5.98 Gb Available in Paging File | 73.16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97.66 Gb Total Space | 21.94 Gb Free Space | 22.47% Space Free | Partition Type: NTFS Drive D: | 195.31 Gb Total Space | 101.32 Gb Free Space | 51.88% Space Free | Partition Type: NTFS Drive E: | 638.54 Gb Total Space | 317.08 Gb Free Space | 49.66% Space Free | Partition Type: NTFS Computer Name: CAK-PC | User Name: Cak | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Cak\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Windows\VM302Snap.exe (Vimicro) PRC - C:\Windows\Domino.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () MOD - C:\Windows\Domino.exe () ========== Services (SafeList) ========== SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (RT73) -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (ZSMC301b) -- C:\Windows\SysNative\Drivers\usbVM302.sys (Vimicro Corporation) DRV:64bit: - (vvftav302) -- C:\Windows\SysNative\drivers\vvftav302.sys (Vimicro Corporation) DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys (Realtek) DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (PzWDM) -- C:\Windows\SysWOW64\drivers\PzWDM.sys (Prassi Technology) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (ZSMC301b) -- C:\Windows\SysWOW64\drivers\usbVM302.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3rc1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 09:33:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 09:33:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 09:33:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 09:33:14 | 000,000,000 | ---D | M] [2012/06/01 19:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Extensions [2012/06/01 19:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2013/01/05 15:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions [2010/04/29 20:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/01/05 15:34:08 | 000,533,130 | ---- | M] () (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012/11/23 15:21:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010/01/25 11:56:02 | 000,002,055 | ---- | M] () -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\searchplugins\daemon-search.xml [2013/01/11 09:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/11 09:33:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/01/11 09:33:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/02/07 12:09:39 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011/10/12 19:18:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/31 20:24:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/12 19:18:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/12 19:18:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/12 19:18:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/12 19:18:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro) O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [Akamai NetSession Interface] "C:\Users\Cak\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8056BD-A92B-46D3-93D1-A3EFAFCB861B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA4FB6C2-A7B0-4980-9E77-7E071EAEDA5C}: NameServer = 192.168.2.100 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{14dadbc2-b4eb-11e0-a5d7-001fd09b957d}\Shell - "" = AutoRun O33 - MountPoints2\{14dadbc2-b4eb-11e0-a5d7-001fd09b957d}\Shell\AutoRun\command - "" = I:\iStudio.exe O33 - MountPoints2\{7604eb40-fd5b-11e0-b31d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7604eb40-fd5b-11e0-b31d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{b04fe360-3c0f-11e0-99db-001fd09b957d}\Shell - "" = AutoRun O33 - MountPoints2\{b04fe360-3c0f-11e0-99db-001fd09b957d}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{be4f4128-10b8-11de-b4fd-001fd09b957d}\Shell - "" = AutoRun O33 - MountPoints2\{be4f4128-10b8-11de-b4fd-001fd09b957d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{f7b85888-d8cc-11e0-a762-001fd09b957d}\Shell - "" = AutoRun O33 - MountPoints2\{f7b85888-d8cc-11e0-a762-001fd09b957d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.html O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/13 22:55:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cak\Desktop\OTL.exe [2013/01/13 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/01/11 09:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/09 14:33:35 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Roaming\Apple Computer [2013/01/09 13:55:05 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/09 13:54:29 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll [2013/01/06 14:41:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013/01/04 23:35:18 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\Apple Computer [2013/01/04 23:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013/01/04 23:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013/01/04 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\Apple [2013/01/04 23:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013/01/04 23:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/12/30 22:45:22 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/30 22:45:22 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/30 22:45:22 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/20 20:34:23 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/20 20:34:23 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/20 20:34:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/20 20:34:22 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/18 20:02:10 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\ESN [2012/04/15 12:23:55 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Comdlg32.ocx ========== Files - Modified Within 30 Days ========== [2013/01/13 23:13:31 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/13 23:13:31 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/13 23:13:31 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/13 23:07:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/13 23:07:11 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 23:07:11 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 23:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/13 23:06:25 | 001,187,610 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2013/01/13 23:04:28 | 000,000,188 | ---- | M] () -- C:\Users\Cak\defogger_reenable [2013/01/13 23:02:33 | 000,365,568 | ---- | M] () -- C:\Users\Cak\Desktop\gmer-2.0.18444.exe [2013/01/13 23:00:50 | 000,050,477 | ---- | M] () -- C:\Users\Cak\Desktop\Defogger.exe [2013/01/13 22:55:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cak\Desktop\OTL.exe [2013/01/13 22:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/13 13:37:10 | 000,000,985 | ---- | M] () -- C:\Users\Cak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/01/13 13:37:10 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/01/09 20:05:13 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001A67.LCS [2013/01/09 14:31:31 | 000,255,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/06 14:35:33 | 000,021,490 | ---- | M] () -- C:\Users\Cak\Desktop\PB_Überweisung_KtoNr0515339101_06-01-2013_1435.pdf [2012/12/30 21:51:44 | 000,001,837 | ---- | M] () -- C:\Users\Cak\Desktop\Samsung Kies (Lite).lnk [2012/12/30 21:25:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/30 21:25:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/30 20:52:56 | 000,000,972 | ---- | M] () -- C:\Users\Cak\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk [2012/12/30 15:58:18 | 006,696,960 | ---- | M] () -- C:\Users\Cak\Desktop\RMB-Deep_Down_Below_Kodex_Remix.mp3 [2012/12/20 19:43:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/12/20 19:43:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/12/19 19:52:57 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/12/17 18:31:46 | 000,003,701 | ---- | M] () -- C:\Users\Cak\Desktop\BW-Ber..zip [2012/12/16 14:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/16 12:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll ========== Files Created - No Company Name ========== [2013/01/13 23:04:28 | 000,000,188 | ---- | C] () -- C:\Users\Cak\defogger_reenable [2013/01/13 23:02:30 | 000,365,568 | ---- | C] () -- C:\Users\Cak\Desktop\gmer-2.0.18444.exe [2013/01/13 23:00:50 | 000,050,477 | ---- | C] () -- C:\Users\Cak\Desktop\Defogger.exe [2013/01/06 14:35:32 | 000,021,490 | ---- | C] () -- C:\Users\Cak\Desktop\PB_Überweisung_KtoNr0515339101_06-01-2013_1435.pdf [2013/01/04 23:30:45 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/12/30 21:51:44 | 000,001,837 | ---- | C] () -- C:\Users\Cak\Desktop\Samsung Kies (Lite).lnk [2012/12/30 15:58:16 | 006,696,960 | ---- | C] () -- C:\Users\Cak\Desktop\RMB-Deep_Down_Below_Kodex_Remix.mp3 [2012/12/17 18:31:45 | 000,003,701 | ---- | C] () -- C:\Users\Cak\Desktop\BW-Ber..zip [2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/04/22 12:48:01 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini [2011/12/01 11:45:50 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/12/01 11:45:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/01/09 18:02:27 | 059,398,824 | ---- | C] () -- C:\Users\Cak\avira_antivir_personal_de.exe [2010/04/28 20:59:18 | 000,000,680 | ---- | C] () -- C:\Users\Cak\AppData\Local\d3d9caps.dat [2009/03/14 23:47:31 | 000,175,104 | ---- | C] () -- C:\Users\Cak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/14 18:06:13 | 000,001,460 | ---- | C] () -- C:\Users\Cak\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006/11/02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1530812510-795291264-2146227399-1000\$9cc73127a19f09126a7981bccfb11a47\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1530812510-795291264-2146227399-1000\$9cc73127a19f09126a7981bccfb11a47\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/19 00:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/11/20 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Canneverbe Limited [2009/04/11 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\DAEMON Tools [2012/05/05 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\DAEMON Tools Lite [2012/03/25 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\FileZilla [2012/10/10 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\FOG Downloader [2012/10/30 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Foxit Software [2009/04/11 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\InfraRecorder [2013/01/12 00:16:00 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\IrfanView [2010/08/10 06:25:29 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\LolClient [2012/05/28 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\LolClient2 [2012/09/08 17:03:35 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\LucasArts [2009/03/15 01:57:22 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\OpenOffice.org [2012/12/18 19:53:13 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Origin [2011/02/18 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\ProtectDISC [2012/01/09 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\RavensburgerTipToi [2012/02/27 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\rosutec [2012/12/09 12:16:22 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Samsung [2009/06/01 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\SystemRequirementsLab [2012/08/05 10:45:19 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Temp [2012/06/01 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\TomTom [2012/02/22 18:59:22 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Ubisoft [2013/01/09 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\WinTrack [2012/07/22 08:05:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp [2012/07/22 08:05:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 1/13/2013 11:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cak\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.41% Memory free
8.17 Gb Paging File | 5.98 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 21.94 Gb Free Space | 22.47% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 101.32 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive E: | 638.54 Gb Total Space | 317.08 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
Computer Name: CAK-PC | User Name: Cak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 76 08 C7 F3 C5 A4 C9 01 [binary data]
"VistaSp2" = F1 2B 2F 6E E9 E1 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059B9E5F-0458-4352-8D7B-C2C5F0D94A2A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{08188ED9-EBA2-4C8F-BB8B-2863B4872591}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{103BA2FE-0BF1-4A9D-9659-23229244350B}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher |
"{16A3CA95-0999-4FDD-8C9F-FC09CD3972B5}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{16DE800F-FA5B-44C3-AC58-5B65679B7BB4}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{1B442D22-B920-443E-8760-8E5CB8521CA5}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher |
"{1BE8624B-8CF8-48CD-961A-AF4266F61C8D}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher |
"{29C9A4BB-B053-441E-B7D8-9D4BED5EB5B8}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher |
"{2A9C90CA-BCD8-46FC-AE46-1371B39FBE88}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{2EE4FD3B-A41E-4D48-89D6-60846FB7F44E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{32949B98-CAAE-450F-855C-D5DFAF7D0F91}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher |
"{35650932-B218-4D8B-BE3F-66D8DA38D455}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher |
"{398E9AA0-FABA-4CAB-8C7B-620705CFCE1B}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3DA51F33-1A0D-4367-9285-A79C5BD6BED6}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |
"{54A02AF8-FBB5-4FED-A630-25F9020C5A39}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{56ACFBEA-A11D-4302-A8C4-F093FF4E6AD6}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher |
"{62E76AC4-9CCC-4015-802C-E6AF510B5F4D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{64FFAD97-7949-44CE-9122-04548F338709}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher |
"{662F3E4F-6648-4E28-A596-C891D23550A0}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher |
"{6AFF2DE8-E2D6-4140-9768-C34F719C3A59}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{7424ADDD-AC6D-4199-A82B-7EC682D5AC37}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{746BC5DD-88EF-48FC-8D54-0C60CF89C6E1}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{7D618C44-BFCF-487A-9BC1-22B4E92A6F87}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{7EC8E5D8-F58D-464E-BE0E-4176F51DB44F}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{81B4DC9A-FB88-4C21-A937-01EABA5A7EBD}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{83D33BCD-0072-429E-88A6-DE9F6C0CCDD1}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{85A7F939-EE91-471C-8061-C1CF61500468}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{8609534B-954F-4470-9C45-D72E67F59580}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{8F4A74EF-F3B6-4FD8-A3B1-2CEDDF406CF7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher |
"{97566BF3-215D-4485-BC07-57738BBFDA75}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{9836EEAC-B78A-441D-B1BA-1D9D3140C654}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{9B01DC72-466B-4A89-9F0E-3D2CCB6AED60}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{A61EDF1D-71D3-422C-93F1-D50E4AEE9431}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher |
"{A986652F-7D60-4F6A-83F5-77BAAD81CFE1}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |
"{B1114B17-3B16-485C-92FE-A276A6B41A70}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher |
"{B94FFD26-DD6C-492A-8A2A-8EC8B0663BF3}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{BE9785A8-8327-4CA9-824E-FC887117A97B}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher |
"{BFDB6E35-2257-4927-803F-61738D78C1BA}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{C4938FD5-7529-4645-AADE-7904F6BC3816}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{D02E09A6-3924-40A6-852D-2F5C4973F6E6}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{D15DC202-13C4-4AFD-8721-6EBDB88BC4F1}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher |
"{D6D8CFC2-4017-4929-8691-AAB77E868BFA}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher |
"{DF58A3DE-8402-47C2-9E9A-0B39FA3B880B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{DF9562DD-0F3A-4018-990A-C825BC8B73C5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E2630D3E-7EC1-44D9-9D19-1168C11A1020}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher |
"{E4D0D7DD-C6E9-477A-9A80-1FD05266EFDB}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{E9F0F218-1A02-457D-ADB0-B945D5BCDC19}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F3C3470A-3CC9-48EB-B25F-78C28F704049}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{F67B132F-843E-4983-A362-423B0B9B3BD7}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{FCD5EF61-FD8D-4667-A755-764298F7140C}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher |
"{FEA872A3-92E0-4417-9753-C90F7920514E}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EC0757-290C-4061-A867-A68C6ADEEE8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0A0FB620-0641-49A0-A3B9-FD3920BAB62C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe |
"{0E43AC73-08AF-47A5-BB8F-C194AD2E1B0A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe |
"{0FEB7246-CF41-4919-85DD-02021B4B183F}" = protocol=17 | dir=in | app=d:\anno 1404\anno4.exe |
"{1075578C-C548-49C3-BA60-3AB6E020CBD1}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{147AC8CC-1B3D-435F-BFFC-94814E623DBD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{180E3DF4-14DD-4838-9FC9-FB5C93A54DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{19DCD7B5-C6E9-42FB-8ABB-3E912AE63DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{1FB34491-9D76-46AF-BFB5-BAA3210BF1EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1FE1AD36-BF3B-4DBC-A0C8-CB0138DC7ECE}" = protocol=6 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"{256B7BAA-B553-4BB8-BEBB-E9FD0627EC7D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{26E16189-4B65-41BA-B0E3-73D36F03535F}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{28733288-61A5-4D76-8041-203E09B21E38}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe |
"{3004732B-12D5-4B79-82AC-98D89EB463BA}" = protocol=6 | dir=in | app=d:\anno 1404\anno4.exe |
"{32FEC8BE-0F21-4F4D-8B83-DF74AAB8E8BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{33A64507-E6D1-4371-B6BB-DD64A7497707}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe |
"{3509916F-E046-428B-8EB1-CC1B979F81AD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{3558D30B-BB6C-45D5-B6ED-F6F67BC12F07}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{37F7423B-0E43-451C-BC45-AF043E8DF300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38EB86AD-48C4-4824-A455-DEA97E25B341}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{3CE7E603-77EE-44DE-8EA6-AD0B92957F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{3D6028A0-26E8-446A-A717-40D2CD623606}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{4075D48F-FF6E-45A0-A2C2-4F75C0AE1EFA}" = protocol=17 | dir=in | app=c:\users\cak\appdata\local\akamai\netsession_win.exe |
"{41858A83-894C-4839-BCF4-7BA476BCCCAD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{42490839-6B60-4C58-9AB1-C00FB02549ED}" = protocol=17 | dir=in | app=d:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{42F2D0FB-7112-4215-9963-C91E1EE5FC8E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe |
"{485827B3-18F7-411B-B12E-E5CB3BE47F27}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{49F34266-7B49-4918-8241-420102C7C1DA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe |
"{4E7A5E91-A962-487D-8700-ED9452233824}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\jabiademo\jaggedalliancebiademo.exe |
"{4FD821ED-80C5-42CE-9081-84407B1B1E09}" = protocol=6 | dir=in | app=c:\users\cak\appdata\local\akamai\netsession_win.exe |
"{509961EF-BCEE-4AE6-B738-67D7266B5899}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe |
"{55F65634-495C-4FF3-A36F-ACC92F1F9692}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{5D61C2D2-B88A-4D78-AA9E-D710F5E62A47}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5D8D9001-7F7E-4F4F-B975-471F469346DC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{5DBA00CD-29C1-4C61-B256-A782AF1A8681}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{61F40945-E160-45E1-BBEF-26A905E74520}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{65397D2F-CE35-4B54-91BC-FBCFB1E258AE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{6B42FF64-18A3-4102-98AB-8918D0A2D3A2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{6C8ACBF8-0DAA-4204-8079-C805F77F2C74}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe |
"{6D054E52-B7A8-4207-883E-467995E19839}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6D22E575-D7A3-407F-9805-E9F81DD9DECC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{6EE1E78A-8987-4C5A-8DD3-955E2F78A62D}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{6FDB91BB-348F-40D2-AA67-9FB22A262C88}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{70407DA0-33DE-435F-A6A0-3EF4CDBA5010}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{7217C7F3-7B28-4FB2-B5E7-2F7777FFD571}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{790F92EC-0CBA-4745-B319-984474D784F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\c.langenhahn@web.de\counter-strike source\hl2.exe |
"{7FAA6F37-9D0B-466D-94C3-BF57AA32F821}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{82CFD8CB-9A08-494C-9E90-5E02BCBF6BC4}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{86BF0B12-6FA5-4865-80F8-C2E58509356C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{8D67C057-0E34-4847-8A13-3F71CFD146DE}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{9262CC86-FC85-4FBB-BA64-A9B15CDB71B3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{99A701B7-04E1-472E-8224-5C7638D5D803}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{9DC57F02-8032-403C-AB1B-E5E393AAA34D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\jabiademo\jaggedalliancebiademo.exe |
"{9F2BA068-4169-4846-8A3D-6FC2E59D5F81}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9F6B228D-25BD-4280-8F8D-AA0BBC34348C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{A2AF22DF-7E79-481F-B5BE-9EB3D0170E16}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A91F9657-7027-45C5-9EA7-919721F7708F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe |
"{AAA058FA-C0C4-4778-86DF-1319C48557F6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{AC9EED3A-6B8C-49BE-B7D0-46CE8BB4E1CC}" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe |
"{ACD1CD2B-1B10-4760-A48D-70C13CCFBE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{ACE2F1B8-247E-4EEA-B064-F7A468F53F4C}" = protocol=6 | dir=in | app=d:\steam\steamapps\c.langenhahn@web.de\counter-strike source\hl2.exe |
"{B06BC62F-35A2-431D-9180-4E8EC75E0431}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B16F3FAE-CA96-4206-ACD9-918C1102DF04}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{BF9528DC-A4C0-4FD8-AEA6-165FC9E87684}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C6F6A74F-FEF9-4763-B083-BFDE554BAF47}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe |
"{C8C1E474-3755-439B-A439-5761DB8DB3C2}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{CC5A43EB-FCD9-43DF-B2DE-485A5D8D302F}" = protocol=6 | dir=in | app=d:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{CF9AF341-4880-496C-BAB2-F6DC1C39D833}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{D444A711-3E97-472E-917A-AC417EBF86A8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe |
"{E9C822EB-39B8-4BF9-B77D-2D99AD0A9160}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{EA05B816-E828-4FFF-86C0-3A11685BC4EB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe |
"{ED96E4FF-18C5-44ED-BB9F-347E5735C3D4}" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe |
"{EE608B8D-C51A-4B7E-8990-D80232325056}" = protocol=17 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"{F17F53CC-02E2-40B8-8FD3-54276F2B61FE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{F85B3FB4-A236-4ED8-9813-2EE7FE365447}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FDD0B838-9ECC-49D7-BD78-185355110AB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{0A6A9548-2F0F-43E1-8124-50F2EBF3D9A1}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{19825952-666A-4C31-820F-22EBB1FD5CA2}D:\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{21A9372D-FA6B-466B-A6D8-15DFAF3A8FF0}D:\railroad tycoon 3\rt3.exe" = protocol=6 | dir=in | app=d:\railroad tycoon 3\rt3.exe |
"TCP Query User{231615DF-8710-4B00-A39E-C66BC06DEA91}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"TCP Query User{266210F0-52CA-4374-AA5D-ED6F2D97E917}D:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"TCP Query User{2D81E067-AA03-4AA5-9867-9FE3AC01843A}D:\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"TCP Query User{3651F95A-0899-448A-9689-2DA366C150C0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{3B422D98-C8BD-4D36-9BDE-643155332086}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{47AD7556-FC5A-449B-9910-BED93BBAFEF6}D:\runes_of_magic_5_0_0_2535_full.exe" = protocol=6 | dir=in | app=d:\runes_of_magic_5_0_0_2535_full.exe |
"TCP Query User{52768D67-7C8A-4008-B080-77F3814E71DA}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{6F2F0D52-D096-48D2-8AAD-5F3D0C36CEF1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{76FC457E-78E3-4871-A6C4-404A39DE5442}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
"TCP Query User{7B2233E4-97A3-482B-B3CC-11D91F79D7F4}D:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{87BFB24A-976D-43DD-87FC-22A6CA0258F2}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{896EF397-6830-4A44-BAD6-7988DF35775C}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{8D874946-CEA3-451C-8E5D-7CFA0E287FD8}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe |
"TCP Query User{9275510A-6555-421F-8186-28B434018D39}D:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno 1701\anno1701.exe |
"TCP Query User{99336BCD-E29C-4ABB-9F08-82E2FA8B8EA7}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{9A648480-01DD-4EF1-AAFC-6B6827D4EAC5}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"TCP Query User{A2E91762-2B92-4471-AC04-AA829A5BF289}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B947C281-995F-4987-8654-B2AAEF7F79CA}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{DD332D19-ADF6-43EE-9AB8-83C1D6A1309C}D:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"TCP Query User{DDB26811-85B6-4061-BE9C-FE7F8FD56E33}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{E672722F-7F7D-4769-9CD0-B9476D9DAC9C}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{F6ABFD77-B38A-488D-B4F2-CA2A1F08D147}D:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"UDP Query User{0D01525D-F534-4759-BACA-46B37890F50A}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{0E9768DA-6A90-4F2B-975E-C8825655CFAA}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{1A1F6B0C-2248-4235-800E-8DAA01FC876B}D:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"UDP Query User{22BE2D74-A50B-4723-B580-0CF85D3A470E}D:\runes_of_magic_5_0_0_2535_full.exe" = protocol=17 | dir=in | app=d:\runes_of_magic_5_0_0_2535_full.exe |
"UDP Query User{2CFB3E16-3389-44EF-991C-279D6425E4B5}D:\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{2EFC8566-CB07-48F7-A45A-0E29D81C3DD2}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"UDP Query User{2F30FB1D-9C69-4D3E-B9AA-D133B56D273A}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{4814E675-FDCE-4BF8-8E43-C0A66BCDA3A3}D:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno 1701\anno1701.exe |
"UDP Query User{4AE1D5C2-922F-43F0-AF22-7C6B4E102125}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{4D5F8977-9B28-48DA-B5DD-4FB73D9D8628}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{4F0CBE65-97B4-4427-82EA-16D75577DD20}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe |
"UDP Query User{54DD48B6-0EB4-4536-BD82-EA299F0525D6}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"UDP Query User{6E6A9448-8FD6-40A3-A1DA-BFBAE1FDFE3C}D:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{72B64D7E-0886-4FE8-BADD-451A061C0C21}D:\railroad tycoon 3\rt3.exe" = protocol=17 | dir=in | app=d:\railroad tycoon 3\rt3.exe |
"UDP Query User{731C64F6-4F3E-44E6-B841-E4DB15AE06D1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{74EAAE46-5521-4539-97E4-E4708BDE167C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{85C30DD1-1B19-4263-9F7A-D1A4A4E214D5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{AB5928FE-22D3-4188-88C8-1D58F6EA980A}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{BB77E1E3-22BA-4CBD-A1C6-9D0FAA096A8A}D:\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"UDP Query User{BD3F81B6-DEBD-41E2-AF6A-1C249BC28C5D}D:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"UDP Query User{CFAD3A05-A922-48D3-B2EA-A7B29A0C1C67}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{D8CC421A-3DF3-4BB4-A5E6-6CF7630105A0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E28F8368-FAF8-4F4A-AAB2-0DE78D387437}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
"UDP Query User{F17246BE-D6ED-493C-BEE1-482A9C7E1EB3}D:\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"UDP Query User{FD0B9F42-CE32-4406-BC33-8F11372DBD34}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2C22EA92-CB30-4932-0046-020001000000}" = InfraRecorder 0.46 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F29E25-2B7A-43BA-AF95-D0978593F399}" = Reader for PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA version 201201
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF5A3DC-D774-4991-860E-0B4D2C372BA6}" = BenQ Web Camera
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Civilization V" = Sid Meier's Civilization V
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"Jagged Alliance 2" = Jagged Alliance 2
"League of Legends_is1" = League of Legends
"Lernerfolg Vorschule - Capt'n Sharky" = Lernerfolg Vorschule - Capt'n Sharky
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Ravensburger tiptoi" = Ravensburger tiptoi
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 204920" = Jagged Alliance - Back in Action Demo
"Steam App 216690" = XCOM: Enemy Unknown Demo
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
"Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan
"Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood
"Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
"Steam App 39160" = Dungeon Siege III
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.4.2596
"Trackplanner_is1" = Trackplanner 1.1.12
"Uplay" = Uplay
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver
"wintrack10demo_is1" = WinTrack Demo Version 10.0 3D
"WinUAE" = WinUAE 1.5.3
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/14/2011 3:03:08 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:03:09 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:03:09 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:04:30 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:04:31 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/17/2011 5:33:28 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0xfd0,
application start time 0x01cc5d254d25cf60.
Error - 8/19/2011 4:19:20 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0xe38,
application start time 0x01cc5ead44bb44c0.
Error - 8/20/2011 3:49:38 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0x11f0,
application start time 0x01cc5f724aa1c6f0.
Error - 8/21/2011 2:05:04 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0x10b8,
application start time 0x01cc602cd8629450.
Error - 8/22/2011 4:05:02 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0x10f8,
application start time 0x01cc6106c5353560.
[ System Events ]
Error - 1/9/2013 9:30:23 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 1/9/2013 9:32:18 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 1/9/2013 9:34:46 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7038
Description =
Error - 1/9/2013 9:34:46 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/11/2013 8:40:49 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 1/11/2013 8:40:53 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =
Error - 1/13/2013 6:06:20 PM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 1/13/2013 6:08:12 PM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 1/13/2013 6:09:29 PM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7038
Description =
Error - 1/13/2013 6:09:29 PM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.13.08 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Cak :: CAK-PC [Administrator] 1/14/2013 12:00:17 AM MBAM-log-2013-01-14 (02-05-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 465965 Laufzeit: 2 Stunde(n), 4 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Cak\AppData\Local\Temp\hehda.exe (Rootkit.0Access) -> Keine Aktion durchgeführt. C:\Users\Cak\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Keine Aktion durchgeführt. (Ende) sry und gude nacht |
|
14.01.2013, 11:17
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Infizierung mit Sirefef.AHZitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
14.01.2013, 11:36
| #3 |
| | Infizierung mit Sirefef.AH Hallo und Danke das Du dich der Sache annimmst
__________________das Log hab ich wohl in der Aufregung gestern vergessen hier isses Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sunday, January 13, 2013 22:07
Es wird nach 4651506 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows (TM) Vista Ultimate
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CAK-PC
Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 10/11/2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 11/14/2012 23:28:56
AVSCAN.DLL : 12.3.0.15 66256 Bytes 9/18/2012 20:41:37
LUKE.DLL : 12.3.0.15 68304 Bytes 9/18/2012 20:41:37
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/8/2012 18:50:02
AVREG.DLL : 12.3.0.17 232200 Bytes 5/10/2012 18:50:07
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 20:16:02
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 17:57:58
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 17:56:58
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 16:19:33
VBASE006.VDF : 7.11.41.250 4902400 Bytes 9/6/2012 21:25:14
VBASE007.VDF : 7.11.50.230 3904512 Bytes 11/22/2012 22:17:06
VBASE008.VDF : 7.11.55.142 2214912 Bytes 1/3/2013 22:16:55
VBASE009.VDF : 7.11.55.143 2048 Bytes 1/3/2013 22:16:55
VBASE010.VDF : 7.11.55.144 2048 Bytes 1/3/2013 22:16:55
VBASE011.VDF : 7.11.55.145 2048 Bytes 1/3/2013 22:16:55
VBASE012.VDF : 7.11.55.146 2048 Bytes 1/3/2013 22:16:55
VBASE013.VDF : 7.11.55.196 260096 Bytes 1/4/2013 16:06:01
VBASE014.VDF : 7.11.56.23 206848 Bytes 1/7/2013 22:16:49
VBASE015.VDF : 7.11.56.83 186880 Bytes 1/8/2013 21:10:56
VBASE016.VDF : 7.11.56.145 135168 Bytes 1/9/2013 20:40:49
VBASE017.VDF : 7.11.56.211 139776 Bytes 1/11/2013 22:16:47
VBASE018.VDF : 7.11.56.212 2048 Bytes 1/11/2013 22:16:47
VBASE019.VDF : 7.11.56.213 2048 Bytes 1/11/2013 22:16:47
VBASE020.VDF : 7.11.56.214 2048 Bytes 1/11/2013 22:16:47
VBASE021.VDF : 7.11.56.215 2048 Bytes 1/11/2013 22:16:47
VBASE022.VDF : 7.11.56.216 2048 Bytes 1/11/2013 22:16:47
VBASE023.VDF : 7.11.56.217 2048 Bytes 1/11/2013 22:16:47
VBASE024.VDF : 7.11.56.218 2048 Bytes 1/11/2013 22:16:47
VBASE025.VDF : 7.11.56.219 2048 Bytes 1/11/2013 22:16:48
VBASE026.VDF : 7.11.56.220 2048 Bytes 1/11/2013 22:16:48
VBASE027.VDF : 7.11.56.221 2048 Bytes 1/11/2013 22:16:48
VBASE028.VDF : 7.11.56.222 2048 Bytes 1/11/2013 22:16:48
VBASE029.VDF : 7.11.56.223 2048 Bytes 1/11/2013 22:16:48
VBASE030.VDF : 7.11.56.224 2048 Bytes 1/11/2013 22:16:48
VBASE031.VDF : 7.11.57.4 116224 Bytes 1/13/2013 12:35:42
Engineversion : 8.2.10.230
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/10/2012 16:19:40
AESCRIPT.DLL : 8.1.4.80 467322 Bytes 1/10/2013 22:16:51
AESCN.DLL : 8.1.10.0 131445 Bytes 12/13/2012 15:17:33
AESBX.DLL : 8.2.5.12 606578 Bytes 6/24/2012 16:19:56
AERDL.DLL : 8.2.0.88 643444 Bytes 1/10/2013 22:16:51
AEPACK.DLL : 8.3.1.2 819574 Bytes 12/20/2012 22:17:01
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 11/5/2012 22:17:18
AEHEUR.DLL : 8.1.4.174 5615991 Bytes 1/10/2013 22:16:51
AEHELP.DLL : 8.1.25.2 258423 Bytes 10/11/2012 20:35:40
AEGEN.DLL : 8.1.6.14 434548 Bytes 1/10/2013 22:16:48
AEEXP.DLL : 8.3.0.8 188788 Bytes 1/12/2013 22:16:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 16:19:39
AECORE.DLL : 8.1.30.0 201079 Bytes 12/13/2012 15:17:32
AEBB.DLL : 8.1.1.4 53619 Bytes 11/5/2012 22:17:15
AVWINLL.DLL : 12.3.0.15 27344 Bytes 9/18/2012 20:41:37
AVPREF.DLL : 12.3.0.32 50720 Bytes 11/14/2012 23:28:56
AVREP.DLL : 12.3.0.15 179208 Bytes 5/8/2012 18:50:02
AVARKT.DLL : 12.3.0.33 209696 Bytes 11/14/2012 23:28:56
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 9/18/2012 20:41:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 9/18/2012 20:41:38
AVSMTP.DLL : 12.3.0.32 63480 Bytes 9/18/2012 20:41:37
NETNT.DLL : 12.3.0.15 17104 Bytes 9/18/2012 20:41:37
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 9/18/2012 20:41:37
RCTEXT.DLL : 12.3.0.32 98848 Bytes 11/14/2012 23:28:55
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50ed7130\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Sunday, January 13, 2013 22:07
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hehda.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_4_402_287_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'track.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ReaderAppHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Domino.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VM302Snap.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKPrinterSDK.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKAiOHostService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aavus.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\$Recycle.Bin\S-1-5-21-1530812510-795291264-2146227399-1000\$9cc73127a19f09126a7981bccfb11a47\n'
C:\$Recycle.Bin\S-1-5-21-1530812510-795291264-2146227399-1000\$9cc73127a19f09126a7981bccfb11a47\n
[FUND] Ist das Trojanische Pferd TR/Sirefef.AH
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 54ba8936.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c2da779.qua' verschoben!
Ende des Suchlaufs: Sunday, January 13, 2013 22:15
Benötigte Zeit: 08:12 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
29 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
28 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
2 Hinweise
202370 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
|
|
14.01.2013, 11:46
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit Sirefef.AH Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.01.2013, 12:06
| #5 |
| | Infizierung mit Sirefef.AH hier das ComboFix Log Code:
ATTFilter ComboFix 13-01-13.01 - Cak 01/14/2013 11:55:23.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2524 [GMT 1:00]
Running from: c:\users\Cak\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cak\avira_antivir_personal_de.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 11:00 . 2013-01-14 11:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-14 11:00 . 2013-01-14 11:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 10:53 . 2013-01-14 11:01 -------- d-----w- C:\32788R22FWJFW
2013-01-14 01:20 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 12:37 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DD1E25A-DE6E-40AC-89A1-363721348FF0}\mpengine.dll
2013-01-09 13:33 . 2013-01-09 13:33 -------- d-----w- c:\users\Cak\AppData\Roaming\Apple Computer
2013-01-09 12:55 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 12:55 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 12:55 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 12:55 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 12:55 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 12:55 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 12:55 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 12:54 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
2013-01-04 22:35 . 2013-01-04 22:35 -------- d-----w- c:\users\Cak\AppData\Local\Apple Computer
2013-01-04 22:31 . 2013-01-04 22:42 -------- d-----w- c:\programdata\Apple Computer
2013-01-04 22:30 . 2013-01-04 22:30 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-01-04 22:30 . 2013-01-04 22:30 -------- d-----w- c:\users\Cak\AppData\Local\Apple
2013-01-04 22:30 . 2013-01-04 22:30 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-01-04 22:30 . 2013-01-04 22:30 -------- d-----w- c:\programdata\Apple
2012-12-20 19:34 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 19:34 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 19:34 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 19:34 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 19:02 . 2012-12-18 19:02 -------- d-----w- c:\users\Cak\AppData\Local\ESN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 12:56 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2012-12-30 20:25 . 2012-03-30 18:40 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-30 20:25 . 2011-05-26 17:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-20 18:43 . 2011-12-01 10:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-20 18:43 . 2011-12-01 10:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-19 18:52 . 2011-12-01 10:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 15:49 . 2011-05-31 15:26 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 09:35 . 2012-09-08 15:57 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-28 09:35 . 2010-04-18 18:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-12 15:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 15:19 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 15:19 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 15:19 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 15:19 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 15:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 15:19 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 15:19 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 15:19 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 15:19 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 15:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 15:19 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 15:19 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 15:19 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 15:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 15:19 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 15:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 15:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 15:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 15:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 15:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 15:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 15:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 15:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 15:17 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 15:17 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 15:17 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 15:17 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 15:17 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2012-10-26 17:56 . 2012-07-22 07:06 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
2012-10-26 17:56 . 2012-07-22 07:06 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
2012-10-26 17:56 . 2012-07-22 07:06 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
2010-01-24 13:13 . 2012-04-15 11:23 152848 ----a-w- c:\program files (x86)\Common Files\Comdlg32.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-03-27 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-18 348664]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-07-12 892928]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kill Amcap.lnk - c:\program files (x86)\Common Files\BenQCam\KilAmcap.exe [N/A]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-17 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 20:33]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 20:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: Interfaces\{FA4FB6C2-A7B0-4980-9E77-7E071EAEDA5C}: NameServer = 192.168.2.100
FF - ProfilePath - c:\users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\txdocys9.default-1358117166465\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Cak\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Jagged Alliance 2 - c:\windows\IsUn0407.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="2FBF842F5FA45E3F2F392822FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CBA7FD869164D67945A2C968CDB15FD2E20388FA18FE67F8D0852963AAB6CB0C059D3012479C155518C997543C9007D611892AD4B48BC1B15CFA6CC4C64D413B55269BD09468D6D3D899FAB1CD4FA0D22B8947C75CC3FF9F619BDE8A2E816BDDD0AAF9F6116354EC7CF5F718EB9730582E03D1C5D8BC7AD9E449417DD76961C9A833F77D316CC5A64A2AFE26638CA632EB4BF9211F2266B8A77D8E4714F323BDC83667EDA7A5A999B881A80C1935549619C844976791B8ECC1CF14328B7B64F2C96A64F42795C38094EDE2F9393DCF96DC5260DC296DD148A5E760B9D79E72F2689B56A2ECC4185DE0170B6A1831D5FB89D740F03C7171EFE30357543E2FB56F7EDFB3213B3ED75DEF5F24387B348063A5C73E5160DE4737845ACA15E469FE1651A19EDBAF039A0E24343E6B37683A08076590A326BD8FBD998919085F7EF16C5A9DC4A434B70C2D6C3EF94E9256701ADA994D95C6CFA4719E5CCA927D2015A84F8CCD59E0DD3BBBA16B9A3C09A7FA2F5F5C096711BC306BFAF7B370433DAB8A0ABA3039105960FA32098D221B7CFA12320B4E3A109A1106CB96DE831FB765F2D264E2BB7866064B885B7C1CC5DCABD912FF5CC704AF6DC510EA74E9691C3A2D2946D097DE6CD09B634F273D3F4DA5DB3EFC03EB478198CB4F9E15FF05E26F84BE3583BA4016FEAEED95F529EEADD090FF1058A1C2F52DE710E8977D2D0737C664616C4433448204469422A662D22EDBA8AE5E42510E0BBF4203FD29E59F86D8732670FC263505FAE1B172B3C31EEDB66D03A6923BFF62CC2C7D5950E6D732E25E13B6462747483BBE90CE8806D7CC852210F133F65B9DCEF64D7452E8817454C5338F4B152948E8C14825DEBDD78CCD39BA2C5F3AF44222715024DDEA58ADD9AC83752186C8523D19C12E3080102A5D3A5E844924D247027C042F9D6C869C744C846F4CE348C0A574D85BDB45C303350650AB93D74DAE1C18FBF801D764173109B27386320682E782DDA0E24F60C7BDAC760B36CDCDEB45CEE51758E3896F9D8524FDCB82CC79FA48F44DD5CDB91A717FDFBA2EBC39A4A721005D3DC9CE01510BC68838256CF926005299A399B320340FA20DB5CE8EBA812679AF98BB488A536F24E35CCA096DEC4E4249269C952FE22F645992F9225F9DD2F062A75956FAB64CC945EF313A9817DCA82FB6FFC4CB11F6F16F82F888A8C0CE3EF8A455AE7D0456980CCAA3889184B1748ED2251EB52ABA2F27AF517D85166C63626FC1F375D18AC0A33751CA9E7016AAA662BE672BFD0156E05F38FBB5ECADCE7EAF0869A42AF3A60ABAF55F059082E94C40C"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-14 12:02:32
ComboFix-quarantined-files.txt 2013-01-14 11:02
.
Pre-Run: 23,252,889,600 bytes free
Post-Run: 25,894,957,056 bytes free
.
- - End Of File - - F09F321CB5793BF94222DF1B5CF79BC3
|
|
14.01.2013, 12:39
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit Sirefef.AH 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Infizierung mit Sirefef.AH |
|
14.01.2013, 14:59
| #7 |
| | Infizierung mit Sirefef.AH so hier nun die logs Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 14:38:59
-----------------------------
14:38:59.723 OS Version: Windows x64 6.0.6002 Service Pack 2
14:38:59.723 Number of processors: 4 586 0x402
14:38:59.724 ComputerName: CAK-PC UserName: Cak
14:39:00.491 Initialize success
14:40:06.602 AVAST engine defs: 13011400
14:43:19.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
14:43:19.658 Disk 0 Vendor: WDC_WD10EACS-00ZJB0 01.01B01 Size: 953868MB BusType: 3
14:43:19.676 Disk 0 MBR read successfully
14:43:19.680 Disk 0 MBR scan
14:43:19.688 Disk 0 Windows VISTA default MBR code
14:43:19.699 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 2048
14:43:19.716 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 200000 MB offset 204802048
14:43:19.741 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 653866 MB offset 614402048
14:43:19.774 Disk 0 scanning C:\Windows\system32\drivers
14:43:28.099 Service scanning
14:43:46.051 Modules scanning
14:43:46.058 Disk 0 trace - called modules:
14:43:46.079 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:43:46.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e0d560]
14:43:46.090 3 CLASSPNP.SYS[fffffa6000dd2c33] -> nt!IofCallDriver -> [0xfffffa8004927520]
14:43:46.095 5 acpi.sys[fffffa6000821fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa8004935940]
14:43:47.460 AVAST engine scan C:\Windows
14:43:50.227 AVAST engine scan C:\Windows\system32
14:46:41.339 AVAST engine scan C:\Windows\system32\drivers
14:46:51.138 AVAST engine scan C:\Users\Cak
14:55:06.574 Disk 0 MBR has been saved successfully to "C:\Users\Cak\Desktop\MBR.dat"
14:55:06.584 The log file has been saved successfully to "C:\Users\Cak\Desktop\aswMBR.txt"
Code:
ATTFilter 14:55:36.0152 4356 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:55:36.0332 4356 ============================================================
14:55:36.0332 4356 Current date / time: 2013/01/14 14:55:36.0332
14:55:36.0332 4356 SystemInfo:
14:55:36.0332 4356
14:55:36.0332 4356 OS Version: 6.0.6002 ServicePack: 2.0
14:55:36.0332 4356 Product type: Workstation
14:55:36.0332 4356 ComputerName: CAK-PC
14:55:36.0332 4356 UserName: Cak
14:55:36.0332 4356 Windows directory: C:\Windows
14:55:36.0332 4356 System windows directory: C:\Windows
14:55:36.0332 4356 Running under WOW64
14:55:36.0332 4356 Processor architecture: Intel x64
14:55:36.0332 4356 Number of processors: 4
14:55:36.0332 4356 Page size: 0x1000
14:55:36.0332 4356 Boot type: Normal boot
14:55:36.0332 4356 ============================================================
14:55:37.0518 4356 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:55:37.0521 4356 ============================================================
14:55:37.0521 4356 \Device\Harddisk0\DR0:
14:55:37.0522 4356 MBR partitions:
14:55:37.0522 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
14:55:37.0522 4356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x186A0000
14:55:37.0522 4356 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x4FD15000
14:55:37.0522 4356 ============================================================
14:55:37.0546 4356 C: <-> \Device\Harddisk0\DR0\Partition1
14:55:37.0644 4356 D: <-> \Device\Harddisk0\DR0\Partition2
14:55:37.0740 4356 E: <-> \Device\Harddisk0\DR0\Partition3
14:55:37.0741 4356 ============================================================
14:55:37.0741 4356 Initialize success
14:55:37.0741 4356 ============================================================
14:55:52.0670 4172 ============================================================
14:55:52.0670 4172 Scan started
14:55:52.0670 4172 Mode: Manual; SigCheck; TDLFS;
14:55:52.0670 4172 ============================================================
14:55:53.0108 4172 ================ Scan system memory ========================
14:55:53.0108 4172 System memory - ok
14:55:53.0108 4172 ================ Scan services =============================
14:55:53.0232 4172 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:55:53.0327 4172 AAV UpdateService - ok
14:55:53.0467 4172 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
14:55:53.0497 4172 acedrv11 - ok
14:55:53.0543 4172 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:55:53.0569 4172 ACPI - ok
14:55:53.0612 4172 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:55:53.0641 4172 adp94xx - ok
14:55:53.0676 4172 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:55:53.0700 4172 adpahci - ok
14:55:53.0716 4172 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:55:53.0733 4172 adpu160m - ok
14:55:53.0747 4172 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:55:53.0765 4172 adpu320 - ok
14:55:53.0803 4172 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:55:53.0939 4172 AeLookupSvc - ok
14:55:53.0986 4172 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
14:55:54.0074 4172 AFD - ok
14:55:54.0107 4172 [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:55:54.0121 4172 agp440 - ok
14:55:54.0151 4172 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:55:54.0168 4172 aic78xx - ok
14:55:54.0193 4172 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
14:55:54.0253 4172 ALG - ok
14:55:54.0334 4172 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
14:55:54.0349 4172 aliide - ok
14:55:54.0397 4172 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
14:55:54.0424 4172 amdide - ok
14:55:54.0568 4172 [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:55:55.0050 4172 AmdK8 - ok
14:55:55.0127 4172 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:55:55.0151 4172 AntiVirSchedulerService - ok
14:55:55.0192 4172 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:55:55.0206 4172 AntiVirService - ok
14:55:55.0245 4172 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
14:55:55.0290 4172 Appinfo - ok
14:55:55.0324 4172 [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt C:\Windows\System32\appmgmts.dll
14:55:55.0373 4172 AppMgmt - ok
14:55:55.0400 4172 [ 2E8623F2FED998A97129A3DB919551C8 ] arc C:\Windows\system32\drivers\arc.sys
14:55:55.0414 4172 arc - ok
14:55:55.0436 4172 [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:55:55.0451 4172 arcsas - ok
14:55:55.0479 4172 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:55:55.0549 4172 AsyncMac - ok
14:55:55.0583 4172 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
14:55:55.0598 4172 atapi - ok
14:55:55.0648 4172 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
14:55:55.0669 4172 atksgt - ok
14:55:55.0697 4172 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:55:55.0761 4172 AudioEndpointBuilder - ok
14:55:55.0785 4172 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:55:55.0823 4172 AudioSrv - ok
14:55:55.0868 4172 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:55:55.0883 4172 avgntflt - ok
14:55:55.0896 4172 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:55:55.0913 4172 avipbb - ok
14:55:55.0920 4172 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:55:55.0934 4172 avkmgr - ok
14:55:55.0950 4172 Beep - ok
14:55:55.0982 4172 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
14:55:56.0045 4172 BFE - ok
14:55:56.0097 4172 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
14:55:56.0188 4172 BITS - ok
14:55:56.0192 4172 blbdrive - ok
14:55:56.0210 4172 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:55:56.0240 4172 bowser - ok
14:55:56.0276 4172 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:55:56.0316 4172 BrFiltLo - ok
14:55:56.0332 4172 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:55:56.0376 4172 BrFiltUp - ok
14:55:56.0397 4172 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
14:55:56.0450 4172 Browser - ok
14:55:56.0466 4172 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
14:55:56.0548 4172 Brserid - ok
14:55:56.0559 4172 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:55:56.0632 4172 BrSerWdm - ok
14:55:56.0648 4172 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:55:56.0730 4172 BrUsbMdm - ok
14:55:56.0741 4172 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:55:56.0820 4172 BrUsbSer - ok
14:55:56.0837 4172 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:55:56.0917 4172 BTHMODEM - ok
14:55:56.0937 4172 catchme - ok
14:55:56.0960 4172 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:55:57.0014 4172 cdfs - ok
14:55:57.0047 4172 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:55:57.0088 4172 cdrom - ok
14:55:57.0121 4172 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
14:55:57.0151 4172 CertPropSvc - ok
14:55:57.0167 4172 [ F28F00596824058BC61D5EDF434C9B82 ] circlass C:\Windows\system32\drivers\circlass.sys
14:55:57.0246 4172 circlass - ok
14:55:57.0278 4172 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
14:55:57.0304 4172 CLFS - ok
14:55:57.0328 4172 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:55:57.0344 4172 clr_optimization_v2.0.50727_32 - ok
14:55:57.0391 4172 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:55:57.0406 4172 clr_optimization_v2.0.50727_64 - ok
14:55:57.0478 4172 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:55:57.0494 4172 clr_optimization_v4.0.30319_32 - ok
14:55:57.0531 4172 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:55:57.0546 4172 clr_optimization_v4.0.30319_64 - ok
14:55:57.0562 4172 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:55:57.0576 4172 cmdide - ok
14:55:57.0583 4172 [ 0E77A445640BF310817F60941C50560C ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:55:57.0597 4172 Compbatt - ok
14:55:57.0602 4172 COMSysApp - ok
14:55:57.0615 4172 [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:55:57.0629 4172 crcdisk - ok
14:55:57.0676 4172 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:55:57.0727 4172 CryptSvc - ok
14:55:57.0745 4172 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys
14:55:57.0797 4172 CSC - ok
14:55:57.0845 4172 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll
14:55:57.0924 4172 CscService - ok
14:55:57.0973 4172 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:55:58.0053 4172 DcomLaunch - ok
14:55:58.0082 4172 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:55:58.0109 4172 DfsC - ok
14:55:58.0200 4172 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
14:55:58.0376 4172 DFSR - ok
14:55:58.0392 4172 dgderdrv - ok
14:55:58.0421 4172 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
14:55:58.0436 4172 dg_ssudbus - ok
14:55:58.0477 4172 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:55:58.0511 4172 Dhcp - ok
14:55:58.0522 4172 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
14:55:58.0539 4172 disk - ok
14:55:58.0566 4172 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:55:58.0602 4172 Dnscache - ok
14:55:58.0628 4172 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
14:55:58.0673 4172 dot3svc - ok
14:55:58.0706 4172 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
14:55:58.0765 4172 DPS - ok
14:55:58.0784 4172 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:55:58.0823 4172 drmkaud - ok
14:55:58.0863 4172 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:55:58.0915 4172 DXGKrnl - ok
14:55:58.0952 4172 [ D57FE09B575545738A73A0C193D0616A ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
14:55:59.0026 4172 E1G60 - ok
14:55:59.0047 4172 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
14:55:59.0074 4172 EapHost - ok
14:55:59.0108 4172 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
14:55:59.0121 4172 Ecache - ok
14:55:59.0161 4172 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:55:59.0204 4172 ehRecvr - ok
14:55:59.0216 4172 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
14:55:59.0229 4172 ehSched - ok
14:55:59.0259 4172 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
14:55:59.0298 4172 ehstart - ok
14:55:59.0315 4172 [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:55:59.0331 4172 elxstor - ok
14:55:59.0377 4172 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:55:59.0430 4172 EMDMgmt - ok
14:55:59.0465 4172 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
14:55:59.0505 4172 EventSystem - ok
14:55:59.0521 4172 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
14:55:59.0559 4172 exfat - ok
14:55:59.0590 4172 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:55:59.0632 4172 fastfat - ok
14:55:59.0668 4172 [ 989A776A2FF32A148FCF15C44058B129 ] Fax C:\Windows\system32\fxssvc.exe
14:55:59.0744 4172 Fax - ok
14:55:59.0767 4172 [ 61B6DBD1AD1143F008364D4E9A96B224 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:55:59.0841 4172 fdc - ok
14:55:59.0882 4172 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
14:55:59.0962 4172 fdPHost - ok
14:55:59.0994 4172 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
14:56:00.0131 4172 FDResPub - ok
14:56:00.0151 4172 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:56:00.0168 4172 FileInfo - ok
14:56:00.0188 4172 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:56:00.0242 4172 Filetrace - ok
14:56:00.0255 4172 [ 12C3D1B4D0CE49E1CE343BA2F22F15E0 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:56:00.0294 4172 flpydisk - ok
14:56:00.0330 4172 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:56:00.0344 4172 FltMgr - ok
14:56:00.0398 4172 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
14:56:00.0486 4172 FontCache - ok
14:56:00.0532 4172 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:56:00.0540 4172 FontCache3.0.0.0 - ok
14:56:00.0570 4172 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:56:00.0600 4172 Fs_Rec - ok
14:56:00.0630 4172 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:56:00.0645 4172 fvevol - ok
14:56:00.0664 4172 [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:56:00.0676 4172 gagp30kx - ok
14:56:00.0706 4172 [ F51FB25E1328FA14F446A8B24AC52709 ] gdrv C:\Windows\gdrv.sys
14:56:00.0716 4172 gdrv - ok
14:56:00.0752 4172 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
14:56:00.0802 4172 gpsvc - ok
14:56:00.0852 4172 [ F02A533F517EB38333CB12A9E8963773 ] gupdate1c9dd81b2922ace C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:56:00.0866 4172 gupdate1c9dd81b2922ace - ok
14:56:00.0886 4172 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:56:00.0899 4172 gupdatem - ok
14:56:00.0928 4172 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:56:00.0960 4172 HdAudAddService - ok
14:56:01.0002 4172 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:56:01.0096 4172 HDAudBus - ok
14:56:01.0110 4172 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:56:01.0170 4172 HidBth - ok
14:56:01.0183 4172 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:56:01.0233 4172 HidIr - ok
14:56:01.0268 4172 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
14:56:01.0296 4172 hidserv - ok
14:56:01.0314 4172 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:56:01.0333 4172 HidUsb - ok
14:56:01.0356 4172 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
14:56:01.0395 4172 hkmsvc - ok
14:56:01.0416 4172 [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:56:01.0425 4172 HpCISSs - ok
14:56:01.0458 4172 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:56:01.0535 4172 HTTP - ok
14:56:01.0550 4172 [ F2901763845570ECAC48E6A50EC50812 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:56:01.0561 4172 i2omp - ok
14:56:01.0597 4172 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:56:01.0634 4172 i8042prt - ok
14:56:01.0655 4172 [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:56:01.0672 4172 iaStorV - ok
14:56:01.0716 4172 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:56:01.0761 4172 idsvc - ok
14:56:01.0784 4172 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:56:01.0796 4172 iirsp - ok
14:56:01.0826 4172 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
14:56:01.0893 4172 IKEEXT - ok
14:56:01.0989 4172 [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:56:02.0100 4172 IntcAzAudAddService - ok
14:56:02.0112 4172 [ 36A266C673812878996F72B200203FBB ] intelide C:\Windows\system32\drivers\intelide.sys
14:56:02.0126 4172 intelide - ok
14:56:02.0140 4172 [ CD802075728E514548841DCC3F8B0220 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:56:02.0218 4172 intelppm - ok
14:56:02.0245 4172 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:56:02.0299 4172 IPBusEnum - ok
14:56:02.0321 4172 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:56:02.0362 4172 IpFilterDriver - ok
14:56:02.0391 4172 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:56:02.0423 4172 iphlpsvc - ok
14:56:02.0428 4172 IpInIp - ok
14:56:02.0445 4172 [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:56:02.0523 4172 IPMIDRV - ok
14:56:02.0548 4172 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:56:02.0596 4172 IPNAT - ok
14:56:02.0615 4172 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:56:02.0658 4172 IRENUM - ok
14:56:02.0668 4172 [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:56:02.0681 4172 isapnp - ok
14:56:02.0710 4172 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:56:02.0730 4172 iScsiPrt - ok
14:56:02.0747 4172 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:56:02.0761 4172 iteatapi - ok
14:56:02.0781 4172 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:56:02.0795 4172 iteraid - ok
14:56:02.0823 4172 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:56:02.0839 4172 kbdclass - ok
14:56:02.0858 4172 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:56:02.0893 4172 kbdhid - ok
14:56:02.0912 4172 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
14:56:02.0940 4172 KeyIso - ok
14:56:03.0025 4172 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
14:56:03.0050 4172 Kodak AiO Network Discovery Service - ok
14:56:03.0100 4172 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
14:56:03.0164 4172 Kodak AiO Status Monitor Service - ok
14:56:03.0209 4172 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:56:03.0273 4172 KSecDD - ok
14:56:03.0301 4172 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:56:03.0387 4172 ksthunk - ok
14:56:03.0424 4172 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
14:56:03.0542 4172 KtmRm - ok
14:56:03.0589 4172 [ C44F9121831F90B0E5385D786591B480 ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
14:56:03.0602 4172 L8042Kbd - ok
14:56:03.0630 4172 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:56:03.0678 4172 LanmanServer - ok
14:56:03.0697 4172 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:56:03.0740 4172 LanmanWorkstation - ok
14:56:03.0791 4172 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
14:56:03.0807 4172 LBTServ - ok
14:56:03.0832 4172 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:56:03.0844 4172 LHidFilt - ok
14:56:03.0876 4172 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
14:56:03.0889 4172 lirsgt - ok
14:56:03.0911 4172 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:56:03.0960 4172 lltdio - ok
14:56:03.0976 4172 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:56:04.0026 4172 lltdsvc - ok
14:56:04.0041 4172 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:56:04.0085 4172 lmhosts - ok
14:56:04.0090 4172 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:56:04.0102 4172 LMouFilt - ok
14:56:04.0131 4172 [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:56:04.0146 4172 LSI_FC - ok
14:56:04.0164 4172 [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:56:04.0173 4172 LSI_SAS - ok
14:56:04.0213 4172 [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:56:04.0222 4172 LSI_SCSI - ok
14:56:04.0254 4172 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
14:56:04.0280 4172 luafv - ok
14:56:04.0290 4172 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:56:04.0300 4172 Mcx2Svc - ok
14:56:04.0336 4172 [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas C:\Windows\system32\drivers\megasas.sys
14:56:04.0345 4172 megasas - ok
14:56:04.0374 4172 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
14:56:04.0411 4172 MMCSS - ok
14:56:04.0420 4172 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
14:56:04.0459 4172 Modem - ok
14:56:04.0480 4172 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:56:04.0522 4172 monitor - ok
14:56:04.0544 4172 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:56:04.0556 4172 mouclass - ok
14:56:04.0578 4172 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:56:04.0620 4172 mouhid - ok
14:56:04.0625 4172 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:56:04.0639 4172 MountMgr - ok
14:56:04.0670 4172 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:56:04.0683 4172 MozillaMaintenance - ok
14:56:04.0698 4172 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys
14:56:04.0710 4172 mpio - ok
14:56:04.0743 4172 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:56:04.0788 4172 mpsdrv - ok
14:56:04.0820 4172 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
14:56:04.0903 4172 MpsSvc - ok
14:56:04.0917 4172 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:56:04.0931 4172 Mraid35x - ok
14:56:04.0949 4172 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:56:04.0974 4172 MRxDAV - ok
14:56:05.0005 4172 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:56:05.0032 4172 mrxsmb - ok
14:56:05.0061 4172 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:56:05.0090 4172 mrxsmb10 - ok
14:56:05.0123 4172 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:56:05.0162 4172 mrxsmb20 - ok
14:56:05.0211 4172 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys
14:56:05.0238 4172 msahci - ok
14:56:05.0293 4172 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:56:05.0309 4172 msdsm - ok
14:56:05.0335 4172 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
14:56:05.0387 4172 MSDTC - ok
14:56:05.0406 4172 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:56:05.0456 4172 Msfs - ok
14:56:05.0491 4172 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:56:05.0501 4172 msisadrv - ok
14:56:05.0521 4172 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:56:05.0562 4172 MSiSCSI - ok
14:56:05.0565 4172 msiserver - ok
14:56:05.0586 4172 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:56:05.0621 4172 MSKSSRV - ok
14:56:05.0643 4172 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:56:05.0685 4172 MSPCLOCK - ok
14:56:05.0706 4172 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:56:05.0743 4172 MSPQM - ok
14:56:05.0766 4172 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:56:05.0781 4172 MsRPC - ok
14:56:05.0798 4172 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:56:05.0808 4172 mssmbios - ok
14:56:05.0832 4172 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:56:05.0877 4172 MSTEE - ok
14:56:05.0881 4172 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
14:56:05.0891 4172 Mup - ok
14:56:05.0921 4172 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
14:56:05.0947 4172 napagent - ok
14:56:05.0988 4172 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:56:06.0014 4172 NativeWifiP - ok
14:56:06.0060 4172 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:56:06.0102 4172 NDIS - ok
14:56:06.0107 4172 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:56:06.0141 4172 NdisTapi - ok
14:56:06.0150 4172 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:56:06.0183 4172 Ndisuio - ok
14:56:06.0200 4172 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:56:06.0234 4172 NdisWan - ok
14:56:06.0251 4172 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:56:06.0282 4172 NDProxy - ok
14:56:06.0290 4172 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:56:06.0346 4172 NetBIOS - ok
14:56:06.0369 4172 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:56:06.0403 4172 netbt - ok
14:56:06.0409 4172 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
14:56:06.0424 4172 Netlogon - ok
14:56:06.0452 4172 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
14:56:06.0531 4172 Netman - ok
14:56:06.0553 4172 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
14:56:06.0611 4172 netprofm - ok
14:56:06.0667 4172 [ A011AC63B12FD7F7C022DF676CB01711 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
14:56:06.0710 4172 netr7364 - ok
14:56:06.0739 4172 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:56:06.0754 4172 NetTcpPortSharing - ok
14:56:06.0782 4172 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:56:06.0797 4172 nfrd960 - ok
14:56:06.0818 4172 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
14:56:06.0874 4172 NlaSvc - ok
14:56:06.0919 4172 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:56:06.0949 4172 Npfs - ok
14:56:06.0955 4172 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
14:56:06.0999 4172 nsi - ok
14:56:07.0013 4172 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:56:07.0055 4172 nsiproxy - ok
14:56:07.0112 4172 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:56:07.0216 4172 Ntfs - ok
14:56:07.0234 4172 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
14:56:07.0328 4172 Null - ok
14:56:07.0594 4172 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:56:08.0187 4172 nvlddmkm - ok
14:56:08.0207 4172 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:56:08.0224 4172 nvraid - ok
14:56:08.0240 4172 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:56:08.0253 4172 nvstor - ok
14:56:08.0295 4172 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
14:56:08.0333 4172 nvsvc - ok
14:56:08.0413 4172 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:56:08.0455 4172 nvUpdatusService - ok
14:56:08.0479 4172 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:56:08.0489 4172 nv_agp - ok
14:56:08.0492 4172 NwlnkFlt - ok
14:56:08.0495 4172 NwlnkFwd - ok
14:56:08.0564 4172 [ 2D8C5FD30D2B87B102DCAEAB548520FD ] O&O Defrag C:\Windows\system32\oodag.exe
14:56:08.0636 4172 O&O Defrag - ok
14:56:08.0665 4172 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:56:08.0725 4172 ohci1394 - ok
14:56:08.0756 4172 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:56:08.0829 4172 p2pimsvc - ok
14:56:08.0851 4172 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
14:56:08.0880 4172 p2psvc - ok
14:56:08.0908 4172 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:56:08.0955 4172 Parport - ok
14:56:08.0976 4172 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:56:08.0992 4172 partmgr - ok
14:56:09.0010 4172 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
14:56:09.0057 4172 PcaSvc - ok
14:56:09.0082 4172 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
14:56:09.0101 4172 pci - ok
14:56:09.0121 4172 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
14:56:09.0138 4172 pciide - ok
14:56:09.0156 4172 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:56:09.0175 4172 pcmcia - ok
14:56:09.0196 4172 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:56:09.0320 4172 PEAUTH - ok
14:56:09.0378 4172 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:56:09.0421 4172 PerfHost - ok
14:56:09.0484 4172 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
14:56:09.0572 4172 pla - ok
14:56:09.0594 4172 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:56:09.0636 4172 PlugPlay - ok
14:56:09.0650 4172 PnkBstrA - ok
14:56:09.0676 4172 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:56:09.0700 4172 PNRPAutoReg - ok
14:56:09.0721 4172 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:56:09.0748 4172 PNRPsvc - ok
14:56:09.0861 4172 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:56:09.0916 4172 PolicyAgent - ok
14:56:09.0940 4172 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:56:09.0959 4172 PptpMiniport - ok
14:56:09.0980 4172 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:56:10.0014 4172 Processor - ok
14:56:10.0035 4172 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
14:56:10.0072 4172 ProfSvc - ok
14:56:10.0081 4172 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
14:56:10.0093 4172 ProtectedStorage - ok
14:56:10.0126 4172 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:56:10.0149 4172 PSched - ok
14:56:10.0171 4172 PzWDM - ok
14:56:10.0205 4172 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:56:10.0272 4172 ql2300 - ok
14:56:10.0283 4172 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:56:10.0296 4172 ql40xx - ok
14:56:10.0353 4172 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
14:56:10.0416 4172 QWAVE - ok
14:56:10.0425 4172 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:56:10.0455 4172 QWAVEdrv - ok
14:56:10.0482 4172 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:56:10.0542 4172 RasAcd - ok
14:56:10.0571 4172 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
14:56:10.0626 4172 RasAuto - ok
14:56:10.0647 4172 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:56:10.0702 4172 Rasl2tp - ok
14:56:10.0730 4172 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
14:56:10.0772 4172 RasMan - ok
14:56:10.0808 4172 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:56:10.0868 4172 RasPppoe - ok
14:56:10.0917 4172 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:56:10.0960 4172 RasSstp - ok
14:56:10.0998 4172 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:56:11.0051 4172 rdbss - ok
14:56:11.0062 4172 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:56:11.0104 4172 RDPCDD - ok
14:56:11.0133 4172 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
14:56:11.0181 4172 rdpdr - ok
14:56:11.0185 4172 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:56:11.0228 4172 RDPENCDD - ok
14:56:11.0295 4172 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:56:11.0340 4172 RDPWD - ok
14:56:11.0369 4172 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:56:11.0412 4172 RemoteAccess - ok
14:56:11.0441 4172 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:56:11.0463 4172 RemoteRegistry - ok
14:56:11.0484 4172 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
14:56:11.0511 4172 RpcLocator - ok
14:56:11.0618 4172 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll
14:56:11.0650 4172 RpcSs - ok
14:56:11.0701 4172 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:56:11.0748 4172 rspndr - ok
14:56:11.0802 4172 [ 3B5809E9D3B8995FB65A82CB92745072 ] RT73 C:\Windows\system32\DRIVERS\Dr71WU.sys
14:56:11.0849 4172 RT73 - ok
14:56:11.0885 4172 [ FAEEED5A8949E6BA611A7B738AD28CEE ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
14:56:11.0922 4172 RTL8169 - ok
14:56:11.0983 4172 [ 9269EF78A780A3161087DF1BEC117DC8 ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys
14:56:12.0087 4172 RTL85n64 - ok
14:56:12.0177 4172 [ D1664991A07ACF2703D4A4E5BE4B6C80 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
14:56:12.0190 4172 RtlProt - ok
14:56:12.0200 4172 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
14:56:12.0215 4172 SamSs - ok
14:56:12.0246 4172 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:56:12.0261 4172 sbp2port - ok
14:56:12.0283 4172 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:56:12.0326 4172 SCardSvr - ok
14:56:12.0368 4172 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
14:56:12.0449 4172 Schedule - ok
14:56:12.0475 4172 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:56:12.0505 4172 SCPolicySvc - ok
14:56:12.0534 4172 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:56:12.0577 4172 SDRSVC - ok
14:56:12.0592 4172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:56:12.0667 4172 secdrv - ok
14:56:12.0678 4172 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
14:56:12.0718 4172 seclogon - ok
14:56:12.0736 4172 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
14:56:12.0763 4172 SENS - ok
14:56:12.0774 4172 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:56:12.0822 4172 Serenum - ok
14:56:12.0832 4172 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
14:56:12.0873 4172 Serial - ok
14:56:12.0889 4172 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:56:12.0922 4172 sermouse - ok
14:56:12.0946 4172 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
14:56:12.0981 4172 SessionEnv - ok
14:56:13.0009 4172 [ 18C056B109DA7CD823BFAE223818EB2E ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:56:13.0031 4172 sffdisk - ok
14:56:13.0045 4172 [ B387781EA1A47BBE08A6E4CBD82F9790 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:56:13.0068 4172 sffp_mmc - ok
14:56:13.0079 4172 [ 4E6B82359DFBD84E914B4D01256EF3BF ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:56:13.0106 4172 sffp_sd - ok
14:56:13.0120 4172 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:56:13.0183 4172 sfloppy - ok
14:56:13.0207 4172 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:56:13.0248 4172 SharedAccess - ok
14:56:13.0283 4172 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:56:13.0306 4172 ShellHWDetection - ok
14:56:13.0316 4172 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:56:13.0327 4172 SiSRaid2 - ok
14:56:13.0338 4172 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:56:13.0349 4172 SiSRaid4 - ok
14:56:13.0487 4172 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:56:13.0642 4172 Skype C2C Service - ok
14:56:13.0669 4172 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:56:13.0680 4172 SkypeUpdate - ok
14:56:13.0750 4172 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
14:56:13.0855 4172 slsvc - ok
14:56:13.0877 4172 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:56:13.0910 4172 SLUINotify - ok
14:56:13.0932 4172 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:56:13.0952 4172 Smb - ok
14:56:13.0989 4172 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:56:14.0016 4172 SNMPTRAP - ok
14:56:14.0074 4172 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
14:56:14.0084 4172 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
14:56:14.0084 4172 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
14:56:14.0101 4172 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
14:56:14.0114 4172 spldr - ok
14:56:14.0151 4172 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
14:56:14.0179 4172 Spooler - ok
14:56:14.0181 4172 sptd - ok
14:56:14.0203 4172 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
14:56:14.0251 4172 srv - ok
14:56:14.0262 4172 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:56:14.0280 4172 srv2 - ok
14:56:14.0316 4172 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:56:14.0332 4172 srvnet - ok
14:56:14.0357 4172 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:56:14.0415 4172 SSDPSRV - ok
14:56:14.0459 4172 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:56:14.0492 4172 SstpSvc - ok
14:56:14.0528 4172 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
14:56:14.0545 4172 ssudmdm - ok
14:56:14.0556 4172 Steam Client Service - ok
14:56:14.0602 4172 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:56:14.0624 4172 Stereo Service - ok
14:56:14.0660 4172 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
14:56:14.0723 4172 stisvc - ok
14:56:14.0748 4172 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:56:14.0762 4172 swenum - ok
14:56:14.0792 4172 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
14:56:14.0833 4172 swprv - ok
14:56:14.0852 4172 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:56:14.0867 4172 Symc8xx - ok
14:56:14.0876 4172 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:56:14.0891 4172 Sym_hi - ok
14:56:14.0899 4172 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:56:14.0913 4172 Sym_u3 - ok
14:56:14.0961 4172 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
14:56:15.0045 4172 SysMain - ok
14:56:15.0077 4172 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:56:15.0106 4172 TabletInputService - ok
14:56:15.0151 4172 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:56:15.0233 4172 TapiSrv - ok
14:56:15.0254 4172 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
14:56:15.0306 4172 TBS - ok
14:56:15.0359 4172 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:56:15.0501 4172 Tcpip - ok
14:56:15.0595 4172 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:56:15.0657 4172 Tcpip6 - ok
14:56:15.0675 4172 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:56:15.0706 4172 tcpipreg - ok
14:56:15.0737 4172 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:56:15.0779 4172 TDPIPE - ok
14:56:15.0796 4172 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:56:15.0845 4172 TDTCP - ok
14:56:15.0872 4172 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:56:15.0911 4172 tdx - ok
14:56:15.0925 4172 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:56:15.0942 4172 TermDD - ok
14:56:15.0966 4172 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
14:56:16.0048 4172 TermService - ok
14:56:16.0068 4172 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
14:56:16.0087 4172 Themes - ok
14:56:16.0101 4172 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
14:56:16.0144 4172 THREADORDER - ok
14:56:16.0175 4172 [ 83682F469A3D65E8B6F06C28212318BD ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
14:56:16.0189 4172 TomTomHOMEService - ok
14:56:16.0208 4172 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
14:56:16.0261 4172 TrkWks - ok
14:56:16.0304 4172 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:56:16.0342 4172 TrustedInstaller - ok
14:56:16.0358 4172 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:56:16.0413 4172 tssecsrv - ok
14:56:16.0432 4172 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:56:16.0459 4172 tunmp - ok
14:56:16.0495 4172 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:56:16.0509 4172 tunnel - ok
14:56:16.0540 4172 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:56:16.0555 4172 uagp35 - ok
14:56:16.0584 4172 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:56:16.0630 4172 udfs - ok
14:56:16.0652 4172 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:56:16.0696 4172 UI0Detect - ok
14:56:16.0717 4172 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:56:16.0732 4172 uliagpkx - ok
14:56:16.0752 4172 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:56:16.0773 4172 uliahci - ok
14:56:16.0784 4172 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:56:16.0801 4172 UlSata - ok
14:56:16.0820 4172 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:56:16.0837 4172 ulsata2 - ok
14:56:16.0864 4172 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:56:16.0901 4172 umbus - ok
14:56:16.0932 4172 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll
14:56:16.0952 4172 UmRdpService - ok
14:56:16.0978 4172 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
14:56:17.0012 4172 upnphost - ok
14:56:17.0048 4172 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:56:17.0076 4172 usbaudio - ok
14:56:17.0110 4172 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:56:17.0129 4172 usbccgp - ok
14:56:17.0140 4172 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:56:17.0200 4172 usbcir - ok
14:56:17.0214 4172 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:56:17.0238 4172 usbehci - ok
14:56:17.0244 4172 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:56:17.0266 4172 usbhub - ok
14:56:17.0280 4172 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:56:17.0314 4172 usbohci - ok
14:56:17.0350 4172 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:56:17.0384 4172 usbprint - ok
14:56:17.0401 4172 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:56:17.0426 4172 usbscan - ok
14:56:17.0452 4172 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:56:17.0485 4172 USBSTOR - ok
14:56:17.0494 4172 [ 7BF55D2538740B25936E93553E5D190D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:56:17.0544 4172 usbuhci - ok
14:56:17.0561 4172 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
14:56:17.0585 4172 UxSms - ok
14:56:17.0613 4172 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
14:56:17.0664 4172 vds - ok
14:56:17.0691 4172 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:56:17.0723 4172 vga - ok
14:56:17.0753 4172 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:56:17.0796 4172 VgaSave - ok
14:56:17.0813 4172 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
14:56:17.0824 4172 viaide - ok
14:56:17.0834 4172 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:56:17.0847 4172 volmgr - ok
14:56:17.0874 4172 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:56:17.0896 4172 volmgrx - ok
14:56:17.0919 4172 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:56:17.0937 4172 volsnap - ok
14:56:17.0949 4172 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:56:17.0962 4172 vsmraid - ok
14:56:18.0011 4172 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
14:56:18.0100 4172 VSS - ok
14:56:18.0150 4172 [ 0186CCF2557F71F8B7B26BB43EA8846B ] vvftav302 C:\Windows\system32\drivers\vvftav302.sys
14:56:18.0174 4172 vvftav302 - ok
14:56:18.0207 4172 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
14:56:18.0268 4172 W32Time - ok
14:56:18.0279 4172 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:56:18.0357 4172 WacomPen - ok
14:56:18.0386 4172 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:56:18.0432 4172 Wanarp - ok
14:56:18.0436 4172 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:56:18.0467 4172 Wanarpv6 - ok
14:56:18.0504 4172 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe
14:56:18.0580 4172 wbengine - ok
14:56:18.0603 4172 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:56:18.0646 4172 wcncsvc - ok
14:56:18.0670 4172 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:56:18.0702 4172 WcsPlugInService - ok
14:56:18.0720 4172 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys
14:56:18.0734 4172 Wd - ok
14:56:18.0777 4172 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:56:18.0830 4172 Wdf01000 - ok
14:56:18.0850 4172 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:56:18.0903 4172 WdiServiceHost - ok
14:56:18.0907 4172 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:56:18.0951 4172 WdiSystemHost - ok
14:56:18.0973 4172 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
14:56:18.0996 4172 WebClient - ok
14:56:19.0021 4172 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:56:19.0060 4172 Wecsvc - ok
14:56:19.0077 4172 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:56:19.0125 4172 wercplsupport - ok
14:56:19.0145 4172 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
14:56:19.0179 4172 WerSvc - ok
14:56:19.0192 4172 WinDefend - ok
14:56:19.0198 4172 WinHttpAutoProxySvc - ok
14:56:19.0251 4172 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:56:19.0298 4172 Winmgmt - ok
14:56:19.0363 4172 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
14:56:19.0466 4172 WinRM - ok
14:56:19.0499 4172 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
14:56:19.0525 4172 WinUSB - ok
14:56:19.0547 4172 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:56:19.0601 4172 Wlansvc - ok
14:56:19.0623 4172 [ AE34218455D5DC12D1E45DE85F160346 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:56:19.0688 4172 WmiAcpi - ok
14:56:19.0707 4172 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:56:19.0755 4172 wmiApSrv - ok
14:56:19.0770 4172 WMPNetworkSvc - ok
14:56:19.0789 4172 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:56:19.0832 4172 WPCSvc - ok
14:56:19.0853 4172 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:56:19.0874 4172 WPDBusEnum - ok
14:56:19.0972 4172 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:56:20.0023 4172 WPFFontCache_v0400 - ok
14:56:20.0049 4172 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:56:20.0091 4172 ws2ifsl - ok
14:56:20.0115 4172 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
14:56:20.0148 4172 wscsvc - ok
14:56:20.0152 4172 WSearch - ok
14:56:20.0233 4172 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:56:20.0366 4172 wuauserv - ok
14:56:20.0417 4172 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:56:20.0450 4172 WudfPf - ok
14:56:20.0468 4172 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:56:20.0486 4172 WUDFRd - ok
14:56:20.0509 4172 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:56:20.0534 4172 wudfsvc - ok
14:56:20.0649 4172 [ 6E53D1058B900443949C69EC6215D98F ] ZSMC301b C:\Windows\system32\Drivers\usbVM302.sys
14:56:20.0776 4172 ZSMC301b - ok
14:56:20.0806 4172 ================ Scan global ===============================
14:56:20.0835 4172 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:56:20.0880 4172 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:56:20.0922 4172 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:56:20.0961 4172 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:56:20.0966 4172 [Global] - ok
14:56:20.0967 4172 ================ Scan MBR ==================================
14:56:20.0974 4172 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:56:21.0182 4172 \Device\Harddisk0\DR0 - ok
14:56:21.0182 4172 ================ Scan VBR ==================================
14:56:21.0185 4172 [ 65FF835102C5E429CC9793E1BC12FBB2 ] \Device\Harddisk0\DR0\Partition1
14:56:21.0187 4172 \Device\Harddisk0\DR0\Partition1 - ok
14:56:21.0215 4172 [ 0BD88EC0969AFED1F1FE1A2E21C36E9D ] \Device\Harddisk0\DR0\Partition2
14:56:21.0216 4172 \Device\Harddisk0\DR0\Partition2 - ok
14:56:21.0229 4172 [ 572F9948130112E18BF600DB55ABF6AA ] \Device\Harddisk0\DR0\Partition3
14:56:21.0230 4172 \Device\Harddisk0\DR0\Partition3 - ok
14:56:21.0231 4172 ============================================================
14:56:21.0231 4172 Scan finished
14:56:21.0231 4172 ============================================================
14:56:21.0243 3496 Detected object count: 1
14:56:21.0243 3496 Actual detected object count: 1
14:56:43.0292 3496 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:56:43.0292 3496 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
14.01.2013, 15:35
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit Sirefef.AH adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 15:46
| #9 |
| | Infizierung mit Sirefef.AHCode:
ATTFilter # AdwCleaner v2.105 - Logfile created 01/14/2013 at 15:45:11
# Updated 08/01/2013 by Xplode
# Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# User : Cak - CAK-PC
# Boot Mode : Normal
# Running from : C:\Users\Cak\Desktop\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0 (de)
File : C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\txdocys9.default-1358117166465\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1917 octets] - [14/01/2013 15:45:11]
########## EOF - C:\AdwCleaner[R1].txt - [1977 octets] ##########
|
|
14.01.2013, 15:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit Sirefef.AH adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 16:12
| #11 |
| | Infizierung mit Sirefef.AH sodele Code:
ATTFilter # AdwCleaner v2.105 - Logfile created 01/14/2013 at 15:56:08
# Updated 08/01/2013 by Xplode
# Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# User : Cak - CAK-PC
# Boot Mode : Normal
# Running from : C:\Users\Cak\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0 (de)
File : C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\txdocys9.default-1358117166465\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2038 octets] - [14/01/2013 15:45:11]
AdwCleaner[S1].txt - [1749 octets] - [14/01/2013 15:56:08]
########## EOF - C:\AdwCleaner[S1].txt - [1809 octets] ##########
Code:
ATTFilter OTL logfile created on: 1/14/2013 3:59:43 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cak\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.96% Memory free 8.17 Gb Paging File | 6.69 Gb Available in Paging File | 81.89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97.66 Gb Total Space | 23.60 Gb Free Space | 24.17% Space Free | Partition Type: NTFS Drive D: | 195.31 Gb Total Space | 101.32 Gb Free Space | 51.88% Space Free | Partition Type: NTFS Drive E: | 638.54 Gb Total Space | 317.08 Gb Free Space | 49.66% Space Free | Partition Type: NTFS Computer Name: CAK-PC | User Name: Cak | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Cak\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Windows\VM302Snap.exe (Vimicro) PRC - C:\Windows\Domino.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () MOD - C:\Windows\Domino.exe () ========== Services (SafeList) ========== SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (RT73) -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (ZSMC301b) -- C:\Windows\SysNative\Drivers\usbVM302.sys (Vimicro Corporation) DRV:64bit: - (vvftav302) -- C:\Windows\SysNative\drivers\vvftav302.sys (Vimicro Corporation) DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys (Realtek) DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (PzWDM) -- C:\Windows\SysWOW64\drivers\PzWDM.sys (Prassi Technology) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (ZSMC301b) -- C:\Windows\SysWOW64\drivers\usbVM302.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 09:33:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 09:33:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 09:33:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 09:33:14 | 000,000,000 | ---D | M] [2012/06/01 19:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Extensions [2012/06/01 19:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2013/01/11 09:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/11 09:33:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/01/11 09:33:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/02/07 12:09:39 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011/10/12 19:18:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/31 20:24:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/12 19:18:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/12 19:18:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/12 19:18:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/12 19:18:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/01/14 12:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro) O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8056BD-A92B-46D3-93D1-A3EFAFCB861B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA4FB6C2-A7B0-4980-9E77-7E071EAEDA5C}: NameServer = 192.168.2.100 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/14 14:37:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cak\Desktop\tdsskiller.exe [2013/01/14 14:35:05 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Cak\Desktop\aswMBR.exe [2013/01/14 14:32:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/14 12:02:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/14 11:53:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/14 11:53:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/14 11:53:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/14 11:53:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/14 11:53:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/14 11:53:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2013/01/14 11:51:57 | 005,021,655 | R--- | C] (Swearware) -- C:\Users\Cak\Desktop\ComboFix.exe [2013/01/14 02:20:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/01/14 02:20:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/01/14 02:20:28 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/01/13 23:46:09 | 000,000,000 | ---D | C] -- C:\Users\Cak\Desktop\Alte Firefox-Daten [2013/01/13 22:55:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cak\Desktop\OTL.exe [2013/01/13 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/01/11 09:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/09 14:33:35 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Roaming\Apple Computer [2013/01/09 13:55:05 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/09 13:54:29 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll [2013/01/06 14:41:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013/01/04 23:35:18 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\Apple Computer [2013/01/04 23:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013/01/04 23:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013/01/04 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\Apple [2013/01/04 23:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013/01/04 23:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/12/20 20:34:23 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/20 20:34:23 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/20 20:34:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/20 20:34:22 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/18 20:02:10 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\ESN [2012/04/15 12:23:55 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Comdlg32.ocx ========== Files - Modified Within 30 Days ========== [2013/01/14 15:57:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/14 15:57:37 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 15:57:37 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 15:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/14 15:57:13 | 001,195,272 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2013/01/14 15:44:42 | 000,554,087 | ---- | M] () -- C:\Users\Cak\Desktop\AdwCleaner.exe [2013/01/14 15:29:11 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/14 14:55:06 | 000,000,512 | ---- | M] () -- C:\Users\Cak\Desktop\MBR.dat [2013/01/14 14:37:35 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/14 14:37:35 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/14 14:37:35 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/14 14:37:13 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cak\Desktop\tdsskiller.exe [2013/01/14 14:36:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Cak\Desktop\aswMBR.exe [2013/01/14 12:01:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/01/14 11:52:19 | 005,021,655 | R--- | M] (Swearware) -- C:\Users\Cak\Desktop\ComboFix.exe [2013/01/13 23:39:42 | 609,790,781 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/01/13 23:04:28 | 000,000,188 | ---- | M] () -- C:\Users\Cak\defogger_reenable [2013/01/13 23:02:33 | 000,365,568 | ---- | M] () -- C:\Users\Cak\Desktop\gmer-2.0.18444.exe [2013/01/13 23:00:50 | 000,050,477 | ---- | M] () -- C:\Users\Cak\Desktop\Defogger.exe [2013/01/13 22:55:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cak\Desktop\OTL.exe [2013/01/13 13:37:10 | 000,000,985 | ---- | M] () -- C:\Users\Cak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/01/13 13:37:10 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/01/09 20:05:13 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001A67.LCS [2013/01/09 14:31:31 | 000,255,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/06 14:35:33 | 000,021,490 | ---- | M] () -- C:\Users\Cak\Desktop\PB_Überweisung_KtoNr0515339101_06-01-2013_1435.pdf [2012/12/30 21:51:44 | 000,001,837 | ---- | M] () -- C:\Users\Cak\Desktop\Samsung Kies (Lite).lnk [2012/12/30 21:25:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/30 21:25:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/30 20:52:56 | 000,000,972 | ---- | M] () -- C:\Users\Cak\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk [2012/12/30 15:58:18 | 006,696,960 | ---- | M] () -- C:\Users\Cak\Desktop\RMB-Deep_Down_Below_Kodex_Remix.mp3 [2012/12/20 19:43:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/12/20 19:43:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/12/19 19:52:57 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/12/17 18:31:46 | 000,003,701 | ---- | M] () -- C:\Users\Cak\Desktop\BW-Ber..zip [2012/12/16 14:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/16 12:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll ========== Files Created - No Company Name ========== [2013/01/14 15:44:40 | 000,554,087 | ---- | C] () -- C:\Users\Cak\Desktop\AdwCleaner.exe [2013/01/14 14:55:06 | 000,000,512 | ---- | C] () -- C:\Users\Cak\Desktop\MBR.dat [2013/01/14 11:53:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/14 11:53:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/14 11:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/14 11:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/14 11:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/13 23:04:28 | 000,000,188 | ---- | C] () -- C:\Users\Cak\defogger_reenable [2013/01/13 23:02:30 | 000,365,568 | ---- | C] () -- C:\Users\Cak\Desktop\gmer-2.0.18444.exe [2013/01/13 23:00:50 | 000,050,477 | ---- | C] () -- C:\Users\Cak\Desktop\Defogger.exe [2013/01/06 14:35:32 | 000,021,490 | ---- | C] () -- C:\Users\Cak\Desktop\PB_Überweisung_KtoNr0515339101_06-01-2013_1435.pdf [2013/01/04 23:30:45 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/12/30 21:51:44 | 000,001,837 | ---- | C] () -- C:\Users\Cak\Desktop\Samsung Kies (Lite).lnk [2012/12/30 15:58:16 | 006,696,960 | ---- | C] () -- C:\Users\Cak\Desktop\RMB-Deep_Down_Below_Kodex_Remix.mp3 [2012/12/17 18:31:45 | 000,003,701 | ---- | C] () -- C:\Users\Cak\Desktop\BW-Ber..zip [2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/04/22 12:48:01 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini [2011/12/01 11:45:50 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/12/01 11:45:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/04/28 20:59:18 | 000,000,680 | ---- | C] () -- C:\Users\Cak\AppData\Local\d3d9caps.dat [2009/03/14 23:47:31 | 000,175,104 | ---- | C] () -- C:\Users\Cak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/14 18:06:13 | 000,001,460 | ---- | C] () -- C:\Users\Cak\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006/11/02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/19 00:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 1/14/2013 3:59:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cak\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.96% Memory free
8.17 Gb Paging File | 6.69 Gb Available in Paging File | 81.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 23.60 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 101.32 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive E: | 638.54 Gb Total Space | 317.08 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
Computer Name: CAK-PC | User Name: Cak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 76 08 C7 F3 C5 A4 C9 01 [binary data]
"VistaSp2" = F1 2B 2F 6E E9 E1 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059B9E5F-0458-4352-8D7B-C2C5F0D94A2A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{08188ED9-EBA2-4C8F-BB8B-2863B4872591}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{103BA2FE-0BF1-4A9D-9659-23229244350B}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher |
"{16A3CA95-0999-4FDD-8C9F-FC09CD3972B5}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{16DE800F-FA5B-44C3-AC58-5B65679B7BB4}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{1B442D22-B920-443E-8760-8E5CB8521CA5}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher |
"{1BE8624B-8CF8-48CD-961A-AF4266F61C8D}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher |
"{29C9A4BB-B053-441E-B7D8-9D4BED5EB5B8}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher |
"{2A9C90CA-BCD8-46FC-AE46-1371B39FBE88}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{2EE4FD3B-A41E-4D48-89D6-60846FB7F44E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{32949B98-CAAE-450F-855C-D5DFAF7D0F91}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher |
"{35650932-B218-4D8B-BE3F-66D8DA38D455}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher |
"{398E9AA0-FABA-4CAB-8C7B-620705CFCE1B}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3DA51F33-1A0D-4367-9285-A79C5BD6BED6}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |
"{54A02AF8-FBB5-4FED-A630-25F9020C5A39}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{56ACFBEA-A11D-4302-A8C4-F093FF4E6AD6}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher |
"{62E76AC4-9CCC-4015-802C-E6AF510B5F4D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{64FFAD97-7949-44CE-9122-04548F338709}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher |
"{662F3E4F-6648-4E28-A596-C891D23550A0}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher |
"{6AFF2DE8-E2D6-4140-9768-C34F719C3A59}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{7424ADDD-AC6D-4199-A82B-7EC682D5AC37}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{746BC5DD-88EF-48FC-8D54-0C60CF89C6E1}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{7D618C44-BFCF-487A-9BC1-22B4E92A6F87}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{7EC8E5D8-F58D-464E-BE0E-4176F51DB44F}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{81B4DC9A-FB88-4C21-A937-01EABA5A7EBD}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{83D33BCD-0072-429E-88A6-DE9F6C0CCDD1}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{85A7F939-EE91-471C-8061-C1CF61500468}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{8609534B-954F-4470-9C45-D72E67F59580}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{8F4A74EF-F3B6-4FD8-A3B1-2CEDDF406CF7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher |
"{97566BF3-215D-4485-BC07-57738BBFDA75}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{9836EEAC-B78A-441D-B1BA-1D9D3140C654}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{9B01DC72-466B-4A89-9F0E-3D2CCB6AED60}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{A61EDF1D-71D3-422C-93F1-D50E4AEE9431}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher |
"{A986652F-7D60-4F6A-83F5-77BAAD81CFE1}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |
"{B1114B17-3B16-485C-92FE-A276A6B41A70}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher |
"{B94FFD26-DD6C-492A-8A2A-8EC8B0663BF3}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{BE9785A8-8327-4CA9-824E-FC887117A97B}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher |
"{BFDB6E35-2257-4927-803F-61738D78C1BA}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{C4938FD5-7529-4645-AADE-7904F6BC3816}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{D02E09A6-3924-40A6-852D-2F5C4973F6E6}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{D15DC202-13C4-4AFD-8721-6EBDB88BC4F1}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher |
"{D6D8CFC2-4017-4929-8691-AAB77E868BFA}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher |
"{DF58A3DE-8402-47C2-9E9A-0B39FA3B880B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{DF9562DD-0F3A-4018-990A-C825BC8B73C5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E2630D3E-7EC1-44D9-9D19-1168C11A1020}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher |
"{E4D0D7DD-C6E9-477A-9A80-1FD05266EFDB}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{E9F0F218-1A02-457D-ADB0-B945D5BCDC19}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F3C3470A-3CC9-48EB-B25F-78C28F704049}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{F67B132F-843E-4983-A362-423B0B9B3BD7}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{FCD5EF61-FD8D-4667-A755-764298F7140C}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher |
"{FEA872A3-92E0-4417-9753-C90F7920514E}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EC0757-290C-4061-A867-A68C6ADEEE8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0A0FB620-0641-49A0-A3B9-FD3920BAB62C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe |
"{0E43AC73-08AF-47A5-BB8F-C194AD2E1B0A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe |
"{0FEB7246-CF41-4919-85DD-02021B4B183F}" = protocol=17 | dir=in | app=d:\anno 1404\anno4.exe |
"{1075578C-C548-49C3-BA60-3AB6E020CBD1}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{147AC8CC-1B3D-435F-BFFC-94814E623DBD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{180E3DF4-14DD-4838-9FC9-FB5C93A54DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{19DCD7B5-C6E9-42FB-8ABB-3E912AE63DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{1FB34491-9D76-46AF-BFB5-BAA3210BF1EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1FE1AD36-BF3B-4DBC-A0C8-CB0138DC7ECE}" = protocol=6 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"{256B7BAA-B553-4BB8-BEBB-E9FD0627EC7D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{26E16189-4B65-41BA-B0E3-73D36F03535F}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{28733288-61A5-4D76-8041-203E09B21E38}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe |
"{3004732B-12D5-4B79-82AC-98D89EB463BA}" = protocol=6 | dir=in | app=d:\anno 1404\anno4.exe |
"{32FEC8BE-0F21-4F4D-8B83-DF74AAB8E8BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{33A64507-E6D1-4371-B6BB-DD64A7497707}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe |
"{3509916F-E046-428B-8EB1-CC1B979F81AD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{3558D30B-BB6C-45D5-B6ED-F6F67BC12F07}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{37F7423B-0E43-451C-BC45-AF043E8DF300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38EB86AD-48C4-4824-A455-DEA97E25B341}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{3CE7E603-77EE-44DE-8EA6-AD0B92957F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{3D6028A0-26E8-446A-A717-40D2CD623606}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{4075D48F-FF6E-45A0-A2C2-4F75C0AE1EFA}" = protocol=17 | dir=in | app=c:\users\cak\appdata\local\akamai\netsession_win.exe |
"{41858A83-894C-4839-BCF4-7BA476BCCCAD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{42490839-6B60-4C58-9AB1-C00FB02549ED}" = protocol=17 | dir=in | app=d:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{42F2D0FB-7112-4215-9963-C91E1EE5FC8E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe |
"{485827B3-18F7-411B-B12E-E5CB3BE47F27}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{49F34266-7B49-4918-8241-420102C7C1DA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe |
"{4E7A5E91-A962-487D-8700-ED9452233824}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\jabiademo\jaggedalliancebiademo.exe |
"{4FD821ED-80C5-42CE-9081-84407B1B1E09}" = protocol=6 | dir=in | app=c:\users\cak\appdata\local\akamai\netsession_win.exe |
"{509961EF-BCEE-4AE6-B738-67D7266B5899}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe |
"{55F65634-495C-4FF3-A36F-ACC92F1F9692}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{5D61C2D2-B88A-4D78-AA9E-D710F5E62A47}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5D8D9001-7F7E-4F4F-B975-471F469346DC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{5DBA00CD-29C1-4C61-B256-A782AF1A8681}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{61F40945-E160-45E1-BBEF-26A905E74520}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{65397D2F-CE35-4B54-91BC-FBCFB1E258AE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{6B42FF64-18A3-4102-98AB-8918D0A2D3A2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{6C8ACBF8-0DAA-4204-8079-C805F77F2C74}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe |
"{6D054E52-B7A8-4207-883E-467995E19839}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6D22E575-D7A3-407F-9805-E9F81DD9DECC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{6EE1E78A-8987-4C5A-8DD3-955E2F78A62D}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{6FDB91BB-348F-40D2-AA67-9FB22A262C88}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{70407DA0-33DE-435F-A6A0-3EF4CDBA5010}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{7217C7F3-7B28-4FB2-B5E7-2F7777FFD571}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{790F92EC-0CBA-4745-B319-984474D784F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\c.langenhahn@web.de\counter-strike source\hl2.exe |
"{7FAA6F37-9D0B-466D-94C3-BF57AA32F821}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{82CFD8CB-9A08-494C-9E90-5E02BCBF6BC4}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{86BF0B12-6FA5-4865-80F8-C2E58509356C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{8D67C057-0E34-4847-8A13-3F71CFD146DE}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{9262CC86-FC85-4FBB-BA64-A9B15CDB71B3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{99A701B7-04E1-472E-8224-5C7638D5D803}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{9DC57F02-8032-403C-AB1B-E5E393AAA34D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\jabiademo\jaggedalliancebiademo.exe |
"{9F2BA068-4169-4846-8A3D-6FC2E59D5F81}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9F6B228D-25BD-4280-8F8D-AA0BBC34348C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{A2AF22DF-7E79-481F-B5BE-9EB3D0170E16}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A91F9657-7027-45C5-9EA7-919721F7708F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe |
"{AAA058FA-C0C4-4778-86DF-1319C48557F6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{AC9EED3A-6B8C-49BE-B7D0-46CE8BB4E1CC}" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe |
"{ACD1CD2B-1B10-4760-A48D-70C13CCFBE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{ACE2F1B8-247E-4EEA-B064-F7A468F53F4C}" = protocol=6 | dir=in | app=d:\steam\steamapps\c.langenhahn@web.de\counter-strike source\hl2.exe |
"{B06BC62F-35A2-431D-9180-4E8EC75E0431}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B16F3FAE-CA96-4206-ACD9-918C1102DF04}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{BF9528DC-A4C0-4FD8-AEA6-165FC9E87684}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C6F6A74F-FEF9-4763-B083-BFDE554BAF47}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe |
"{C8C1E474-3755-439B-A439-5761DB8DB3C2}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{CC5A43EB-FCD9-43DF-B2DE-485A5D8D302F}" = protocol=6 | dir=in | app=d:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{CF9AF341-4880-496C-BAB2-F6DC1C39D833}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{D444A711-3E97-472E-917A-AC417EBF86A8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe |
"{E9C822EB-39B8-4BF9-B77D-2D99AD0A9160}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{EA05B816-E828-4FFF-86C0-3A11685BC4EB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe |
"{ED96E4FF-18C5-44ED-BB9F-347E5735C3D4}" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe |
"{EE608B8D-C51A-4B7E-8990-D80232325056}" = protocol=17 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"{F17F53CC-02E2-40B8-8FD3-54276F2B61FE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{F85B3FB4-A236-4ED8-9813-2EE7FE365447}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FDD0B838-9ECC-49D7-BD78-185355110AB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{0A6A9548-2F0F-43E1-8124-50F2EBF3D9A1}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{19825952-666A-4C31-820F-22EBB1FD5CA2}D:\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{21A9372D-FA6B-466B-A6D8-15DFAF3A8FF0}D:\railroad tycoon 3\rt3.exe" = protocol=6 | dir=in | app=d:\railroad tycoon 3\rt3.exe |
"TCP Query User{231615DF-8710-4B00-A39E-C66BC06DEA91}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"TCP Query User{266210F0-52CA-4374-AA5D-ED6F2D97E917}D:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"TCP Query User{2D81E067-AA03-4AA5-9867-9FE3AC01843A}D:\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"TCP Query User{3651F95A-0899-448A-9689-2DA366C150C0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{3B422D98-C8BD-4D36-9BDE-643155332086}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{47AD7556-FC5A-449B-9910-BED93BBAFEF6}D:\runes_of_magic_5_0_0_2535_full.exe" = protocol=6 | dir=in | app=d:\runes_of_magic_5_0_0_2535_full.exe |
"TCP Query User{52768D67-7C8A-4008-B080-77F3814E71DA}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{6F2F0D52-D096-48D2-8AAD-5F3D0C36CEF1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{76FC457E-78E3-4871-A6C4-404A39DE5442}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
"TCP Query User{7B2233E4-97A3-482B-B3CC-11D91F79D7F4}D:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{87BFB24A-976D-43DD-87FC-22A6CA0258F2}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{896EF397-6830-4A44-BAD6-7988DF35775C}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{8D874946-CEA3-451C-8E5D-7CFA0E287FD8}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe |
"TCP Query User{9275510A-6555-421F-8186-28B434018D39}D:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno 1701\anno1701.exe |
"TCP Query User{99336BCD-E29C-4ABB-9F08-82E2FA8B8EA7}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{9A648480-01DD-4EF1-AAFC-6B6827D4EAC5}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"TCP Query User{A2E91762-2B92-4471-AC04-AA829A5BF289}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B947C281-995F-4987-8654-B2AAEF7F79CA}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{DD332D19-ADF6-43EE-9AB8-83C1D6A1309C}D:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"TCP Query User{DDB26811-85B6-4061-BE9C-FE7F8FD56E33}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{E672722F-7F7D-4769-9CD0-B9476D9DAC9C}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{F6ABFD77-B38A-488D-B4F2-CA2A1F08D147}D:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"UDP Query User{0D01525D-F534-4759-BACA-46B37890F50A}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{0E9768DA-6A90-4F2B-975E-C8825655CFAA}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{1A1F6B0C-2248-4235-800E-8DAA01FC876B}D:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"UDP Query User{22BE2D74-A50B-4723-B580-0CF85D3A470E}D:\runes_of_magic_5_0_0_2535_full.exe" = protocol=17 | dir=in | app=d:\runes_of_magic_5_0_0_2535_full.exe |
"UDP Query User{2CFB3E16-3389-44EF-991C-279D6425E4B5}D:\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{2EFC8566-CB07-48F7-A45A-0E29D81C3DD2}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"UDP Query User{2F30FB1D-9C69-4D3E-B9AA-D133B56D273A}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{4814E675-FDCE-4BF8-8E43-C0A66BCDA3A3}D:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno 1701\anno1701.exe |
"UDP Query User{4AE1D5C2-922F-43F0-AF22-7C6B4E102125}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{4D5F8977-9B28-48DA-B5DD-4FB73D9D8628}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{4F0CBE65-97B4-4427-82EA-16D75577DD20}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe |
"UDP Query User{54DD48B6-0EB4-4536-BD82-EA299F0525D6}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe |
"UDP Query User{6E6A9448-8FD6-40A3-A1DA-BFBAE1FDFE3C}D:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{72B64D7E-0886-4FE8-BADD-451A061C0C21}D:\railroad tycoon 3\rt3.exe" = protocol=17 | dir=in | app=d:\railroad tycoon 3\rt3.exe |
"UDP Query User{731C64F6-4F3E-44E6-B841-E4DB15AE06D1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{74EAAE46-5521-4539-97E4-E4708BDE167C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{85C30DD1-1B19-4263-9F7A-D1A4A4E214D5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{AB5928FE-22D3-4188-88C8-1D58F6EA980A}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{BB77E1E3-22BA-4CBD-A1C6-9D0FAA096A8A}D:\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\anno 1404\tools\anno4web.exe |
"UDP Query User{BD3F81B6-DEBD-41E2-AF6A-1C249BC28C5D}D:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"UDP Query User{CFAD3A05-A922-48D3-B2EA-A7B29A0C1C67}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{D8CC421A-3DF3-4BB4-A5E6-6CF7630105A0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E28F8368-FAF8-4F4A-AAB2-0DE78D387437}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
"UDP Query User{F17246BE-D6ED-493C-BEE1-482A9C7E1EB3}D:\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"UDP Query User{FD0B9F42-CE32-4406-BC33-8F11372DBD34}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2C22EA92-CB30-4932-0046-020001000000}" = InfraRecorder 0.46 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F29E25-2B7A-43BA-AF95-D0978593F399}" = Reader for PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA version 201201
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF5A3DC-D774-4991-860E-0B4D2C372BA6}" = BenQ Web Camera
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Civilization V" = Sid Meier's Civilization V
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"Jagged Alliance 2" = Jagged Alliance 2
"League of Legends_is1" = League of Legends
"Lernerfolg Vorschule - Capt'n Sharky" = Lernerfolg Vorschule - Capt'n Sharky
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Ravensburger tiptoi" = Ravensburger tiptoi
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 204920" = Jagged Alliance - Back in Action Demo
"Steam App 216690" = XCOM: Enemy Unknown Demo
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
"Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan
"Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood
"Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
"Steam App 39160" = Dungeon Siege III
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.4.2596
"Trackplanner_is1" = Trackplanner 1.1.12
"Uplay" = Uplay
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver
"wintrack10demo_is1" = WinTrack Demo Version 10.0 3D
"WinUAE" = WinUAE 1.5.3
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/14/2011 3:03:08 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:03:09 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:03:09 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:04:30 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/14/2011 3:04:31 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/17/2011 5:33:28 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0xfd0,
application start time 0x01cc5d254d25cf60.
Error - 8/19/2011 4:19:20 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0xe38,
application start time 0x01cc5ead44bb44c0.
Error - 8/20/2011 3:49:38 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0x11f0,
application start time 0x01cc5f724aa1c6f0.
Error - 8/21/2011 2:05:04 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0x10b8,
application start time 0x01cc602cd8629450.
Error - 8/22/2011 4:05:02 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd, process id 0x10f8,
application start time 0x01cc6106c5353560.
[ System Events ]
Error - 1/14/2013 7:00:26 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 1/14/2013 7:01:06 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 1/14/2013 9:31:03 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 1/14/2013 9:32:16 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 1/14/2013 9:33:37 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7038
Description =
Error - 1/14/2013 9:33:37 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/14/2013 10:57:08 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 1/14/2013 10:58:14 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 1/14/2013 10:59:51 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7038
Description =
Error - 1/14/2013 10:59:51 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
14.01.2013, 21:31
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit Sirefef.AH Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.01.2013, 14:21
| #13 |
| | Infizierung mit Sirefef.AH hier die logs Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=71336ddf16327446bd06cd3e59fa1528
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-15 03:51:18
# local_time=2013-01-15 04:51:18 (+0100, W. Europe Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 6690 223645168 0 0
# compatibility_mode=5892 16776574 100 100 144846 195745878 0 0
# scanned=111860
# found=0
# cleaned=0
# scan_time=2792
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=71336ddf16327446bd06cd3e59fa1528
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-15 01:15:43
# local_time=2013-01-15 02:15:43 (+0100, W. Europe Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 40555 223679033 33337 0
# compatibility_mode=5892 16776574 100 100 178711 195779743 0 0
# scanned=246712
# found=0
# cleaned=0
# scan_time=5993
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.15.09 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Cak :: CAK-PC [Administrator] 1/15/2013 2:22:01 PM mbam-log-2013-01-15 (14-22-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233289 Laufzeit: 2 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
15.01.2013, 16:09
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit Sirefef.AH Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.01.2013, 16:54
| #15 |
| | Infizierung mit Sirefef.AH Auf den ertsen Blick schauts erstmal ok aus Firefox geht nicht mehr kommt diese Fehlermeldung Profil nicht vorhanden Ihr Profil "Firefox" kann nicht geladen werden. Es ist möglicherweise nicht vorhanden oder ein Zugriff ist nicht möglich. IE is recht langsam Passwörter denk ich mal muss ich alle ändern also Online Banking , E-Mail etc. Dann noch die dumme Frage zum Schluss: Wenn ich jetzt des System neu aufsetze dann hätten wir uns eigentlich die ganze Sache sparen können oder ? |
|
| Themen zu Infizierung mit Sirefef.AH |
| akamai, antivir, application/pdf:, audiograbber, autorun, avira, bonjour, desktop, down, entfernen, error, firefox, flash player, format, home, install.exe, launch, league of legends, logfile, mozilla, nvidia update, plug-in, popup, realtek, recycle.bin, registry, rootkit.0access, samsung kies, server, software, teamspeak, vista, visual studio |
Linear-Darstellung
