
Log analysis and evaluation: Bebloh trojan caught or not?

05.02.2013, 15:24   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, must be a newer feature; the instructions don't mention QuickScans anywhere.
Leave the box unchecked, i.e. follow the instructions. Act as if it weren't there, so leave it unchecked.
__________________
Please always post log files in CODE tags

05.02.2013, 15:30   #17
spruce

One more question:

Scan only the system partition C:\ or also E:\ & F:\?

E: is for ACDSEE data
and
F: is for all files

Edited by spruce (05.02.2013 at 15:35)

05.02.2013, 15:40   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

According to our instructions, only C

05.02.2013, 16:37   #19
spruce

GMER log file:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-05 16:28:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3276GSX rev.GS001A 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\uxldipob.sys


---- User code sections - GMER 2.0 ----

.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075311401 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075311419 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075311431 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007531144a 2 bytes [31, 75]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000753114dd 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000753114f5 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007531150d 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075311525 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007531153d 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075311555 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007531156d 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075311585 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007531159d 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000753115b5 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000753115cd 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000753116b2 2 bytes [31, 75]
.text   C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000753116bd 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1792] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                    00000000727b17fa 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1792] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                00000000727b1860 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1792] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                              00000000727b1942 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1792] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                             00000000727b194d 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                    00000000727b17fa 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                00000000727b1860 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                              00000000727b1942 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                             00000000727b194d 2 bytes [7B, 72]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                      0000000075311401 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                        0000000075311419 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                      0000000075311431 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                      000000007531144a 2 bytes [31, 75]
.text   ...                                                                                                                                                 * 9
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                         00000000753114dd 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                  00000000753114f5 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                         000000007531150d 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                  0000000075311525 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                        000000007531153d 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                             0000000075311555 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                      000000007531156d 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                        0000000075311585 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                           000000007531159d 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                        00000000753115b5 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                      00000000753115cd 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                  00000000753116b2 2 bytes [31, 75]
.text   C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                  00000000753116bd 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17              0000000075311401 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                0000000075311419 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17              0000000075311431 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42              000000007531144a 2 bytes [31, 75]
.text   ...                                                                                                                                                 * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                 00000000753114dd 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17          00000000753114f5 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                 000000007531150d 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17          0000000075311525 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                000000007531153d 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                     0000000075311555 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17              000000007531156d 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                0000000075311585 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                   000000007531159d 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                00000000753115b5 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17              00000000753115cd 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20          00000000753116b2 2 bytes [31, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31          00000000753116bd 2 bytes [31, 75]

---- Devices - GMER 2.0 ----

Device  \Driver\atapi \Device\Dev_fffffa8004ba6060                                                                                                          fffffa800829b880
Device  \Driver\atapi \Device\Dev_fffffa8004abd060                                                                                                          fffffa800829b880

---- Threads - GMER 2.0 ----

Thread  C:\Windows\System32\svchost.exe [2152:1280]                                                                                                         000007fef5099688

---- Registry - GMER 2.0 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186397a60                                                                         
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186397a60 (not active ControlSet)                                                     

---- EOF - GMER 2.0 ----
         
--- --- ---

aswMBR also has a quick scan; I will again select only C:\ here!

I ran the aswMBR scan earlier; when I checked on the computer again, I saw that it had restarted (login screen).
After I logged in, Windows first wanted to check for errors because an unexpected shutdown had occurred; I cancelled that.

That doesn't seem to be OK, since the instructions said:
- Please wait until "Scan finished successfully" appears in the DOS window.
- Click Save Log and save it to the desktop.


How to proceed?

or

Run aswMBR again and not take my eyes off the monitor?

06.02.2013, 10:40   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just try aswMBR again

06.02.2013, 13:15   #21
spruce

Well, aswMBR with AV scan ended in both modes, "quickscan" (tried once) and "C:\" (tried twice), with a bluescreen error; the last time I was able to film when it happened:
scanning: C:\ProgrammData\Adobe\ARM\Reader_10.1.4\20547\AcrobatUpdater.exe
Whether it was at the same point the other times is questionable!

Here is the log file from aswMBR without AV scan (none)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-06 12:21:04
-----------------------------
12:21:04.409 OS Version: Windows x64 6.1.7601 Service Pack 1
12:21:04.409 Number of processors: 2 586 0x1706
12:21:04.409 ComputerName: *** UserName: ***
12:21:06.281 Initialize success
12:21:16.795 AVAST engine defs: 13020500
12:21:54.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:21:54.890 Disk 0 Vendor: TOSHIBA_MK3276GSX GS001A Size: 305245MB BusType: 11
12:21:54.890 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:21:54.890 Disk 1 Vendor: TOSHIBA_MK3276GSX GS001A Size: 305245MB BusType: 11
12:21:54.906 Disk 0 MBR read successfully
12:21:54.906 Disk 0 MBR scan
12:21:54.921 Disk 0 Windows 7 default MBR code
12:21:54.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305244 MB offset 63
12:21:54.968 Disk 0 scanning C:\Windows\system32\drivers
12:22:04.281 Service scanning
12:22:31.722 Modules scanning
12:22:31.722 Disk 0 trace - called modules:
12:22:31.753 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:22:31.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c7c060]
12:22:31.769 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> [0xfffffa8004c7b6c0]
12:22:31.769 5 hpdskflt.sys[fffff8800219c189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b561f0]
12:22:31.784 Scan finished successfully
12:23:33.436 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
12:23:33.451 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR-logfile-ohne-av-scan.txt"

Attached is also the Windows message shown after the restart following the bluescreen error!
And a message I received yesterday evening when I wanted to check the Java version; nothing like that was shown to me before!
By the way, I have recently been receiving e-mails more often that are addressed to me personally and are meant to entice me to follow a certain link beginning with "exanetba.com" or "redirectlevel24.com". So far I think I have been able to avoid that.

06.02.2013, 14:25   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

06.02.2013, 15:22   #23
spruce

TDSS found two:
1. JMCR
2. PassThru Service

Code:
15:12:57.0677 4916  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:12:57.0943 4916  ============================================================
15:12:57.0943 4916  Current date / time: 2013/02/06 15:12:57.0943
15:12:57.0943 4916  SystemInfo:
15:12:57.0943 4916  
15:12:57.0943 4916  OS Version: 6.1.7601 ServicePack: 1.0
15:12:57.0943 4916  Product type: Workstation
15:12:57.0943 4916  ComputerName: ***
15:12:57.0943 4916  UserName: ***
15:12:57.0943 4916  Windows directory: C:\Windows
15:12:57.0943 4916  System windows directory: C:\Windows
15:12:57.0943 4916  Running under WOW64
15:12:57.0943 4916  Processor architecture: Intel x64
15:12:57.0943 4916  Number of processors: 2
15:12:57.0943 4916  Page size: 0x1000
15:12:57.0943 4916  Boot type: Normal boot
15:12:57.0943 4916  ============================================================
15:12:58.0894 4916  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:12:59.0269 4916  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:12:59.0284 4916  ============================================================
15:12:59.0284 4916  \Device\Harddisk1\DR1:
15:12:59.0284 4916  MBR partitions:
15:12:59.0284 4916  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542E000
15:12:59.0284 4916  \Device\Harddisk0\DR0:
15:12:59.0284 4916  MBR partitions:
15:12:59.0284 4916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A98000
15:12:59.0284 4916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A98800, BlocksNum 0x21995000
15:12:59.0284 4916  ============================================================
15:12:59.0331 4916  C: <-> \Device\Harddisk1\DR1\Partition1
15:12:59.0362 4916  E: <-> \Device\Harddisk0\DR0\Partition1
15:12:59.0378 4916  F: <-> \Device\Harddisk0\DR0\Partition2
15:12:59.0378 4916  ============================================================
15:12:59.0378 4916  Initialize success
15:12:59.0378 4916  ============================================================
15:14:18.0922 3168  ============================================================
15:14:18.0922 3168  Scan started
15:14:18.0922 3168  Mode: Manual; SigCheck; TDLFS; 
15:14:18.0922 3168  ============================================================
15:14:19.0577 3168  ================ Scan system memory ========================
15:14:19.0577 3168  System memory - ok
15:14:19.0577 3168  ================ Scan services =============================
15:14:19.0718 3168  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:14:19.0811 3168  1394ohci - ok
15:14:19.0843 3168  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
15:14:19.0858 3168  Accelerometer - ok
15:14:19.0921 3168  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:14:19.0936 3168  ACDaemon - ok
15:14:19.0967 3168  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:14:19.0983 3168  ACPI - ok
15:14:20.0014 3168  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:14:20.0092 3168  AcpiPmi - ok
15:14:20.0170 3168  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:14:20.0186 3168  AdobeARMservice - ok
15:14:20.0326 3168  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:14:20.0342 3168  AdobeFlashPlayerUpdateSvc - ok
15:14:20.0404 3168  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:14:20.0435 3168  adp94xx - ok
15:14:20.0467 3168  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:14:20.0482 3168  adpahci - ok
15:14:20.0513 3168  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:14:20.0529 3168  adpu320 - ok
15:14:20.0545 3168  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:14:20.0654 3168  AeLookupSvc - ok
15:14:20.0732 3168  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
15:14:20.0763 3168  AESTFilters - ok
15:14:20.0810 3168  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:14:20.0857 3168  AFD - ok
15:14:20.0903 3168  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:14:20.0919 3168  agp440 - ok
15:14:20.0935 3168  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:14:20.0966 3168  ALG - ok
15:14:20.0997 3168  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:14:21.0013 3168  aliide - ok
15:14:21.0028 3168  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:14:21.0044 3168  amdide - ok
15:14:21.0075 3168  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:14:21.0122 3168  AmdK8 - ok
15:14:21.0137 3168  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:14:21.0184 3168  AmdPPM - ok
15:14:21.0231 3168  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:14:21.0247 3168  amdsata - ok
15:14:21.0293 3168  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:14:21.0309 3168  amdsbs - ok
15:14:21.0325 3168  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:14:21.0340 3168  amdxata - ok
15:14:21.0387 3168  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:14:21.0496 3168  AppID - ok
15:14:21.0543 3168  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:14:21.0590 3168  AppIDSvc - ok
15:14:21.0652 3168  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:14:21.0699 3168  Appinfo - ok
15:14:21.0886 3168  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:14:21.0902 3168  Apple Mobile Device - ok
15:14:21.0949 3168  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:14:21.0995 3168  AppMgmt - ok
15:14:22.0027 3168  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:14:22.0042 3168  arc - ok
15:14:22.0058 3168  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:14:22.0073 3168  arcsas - ok
15:14:22.0105 3168  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:14:22.0151 3168  AsyncMac - ok
15:14:22.0198 3168  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:14:22.0198 3168  atapi - ok
15:14:22.0245 3168  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:14:22.0307 3168  AudioEndpointBuilder - ok
15:14:22.0323 3168  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:14:22.0370 3168  AudioSrv - ok
15:14:22.0417 3168  [ 5A2F3814EB499CD22826182BF2ACA32D ] AVEO            C:\Windows\system32\DRIVERS\AVEOdcnt.sys
15:14:22.0448 3168  AVEO - ok
15:14:22.0526 3168  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
15:14:22.0541 3168  AVP - ok
15:14:22.0588 3168  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:14:22.0635 3168  AxInstSV - ok
15:14:22.0682 3168  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:14:22.0713 3168  b06bdrv - ok
15:14:22.0744 3168  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:14:22.0775 3168  b57nd60a - ok
15:14:22.0807 3168  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:14:22.0822 3168  BDESVC - ok
15:14:22.0869 3168  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:14:22.0916 3168  Beep - ok
15:14:22.0963 3168  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:14:23.0009 3168  BFE - ok
15:14:23.0041 3168  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:14:23.0119 3168  BITS - ok
15:14:23.0150 3168  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:14:23.0165 3168  blbdrive - ok
15:14:23.0259 3168  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:14:23.0275 3168  Bonjour Service - ok
15:14:23.0321 3168  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:14:23.0353 3168  bowser - ok
15:14:23.0399 3168  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:14:23.0477 3168  BrFiltLo - ok
15:14:23.0493 3168  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:14:23.0509 3168  BrFiltUp - ok
15:14:23.0555 3168  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:14:23.0571 3168  Browser - ok
15:14:23.0602 3168  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:14:23.0633 3168  Brserid - ok
15:14:23.0649 3168  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:14:23.0680 3168  BrSerWdm - ok
15:14:23.0696 3168  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:14:23.0727 3168  BrUsbMdm - ok
15:14:23.0743 3168  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:14:23.0774 3168  BrUsbSer - ok
15:14:23.0805 3168  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:14:23.0867 3168  BthEnum - ok
15:14:23.0899 3168  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:14:23.0914 3168  BTHMODEM - ok
15:14:23.0945 3168  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:14:23.0992 3168  BthPan - ok
15:14:24.0008 3168  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:14:24.0070 3168  BTHPORT - ok
15:14:24.0117 3168  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:14:24.0164 3168  bthserv - ok
15:14:24.0195 3168  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:14:24.0226 3168  BTHUSB - ok
15:14:24.0273 3168  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:14:24.0320 3168  cdfs - ok
15:14:24.0367 3168  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:14:24.0382 3168  cdrom - ok
15:14:24.0413 3168  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:14:24.0476 3168  CertPropSvc - ok
15:14:24.0507 3168  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:14:24.0538 3168  circlass - ok
15:14:24.0585 3168  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:14:24.0601 3168  CLFS - ok
15:14:24.0679 3168  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:14:24.0694 3168  clr_optimization_v2.0.50727_32 - ok
15:14:24.0725 3168  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:14:24.0725 3168  clr_optimization_v2.0.50727_64 - ok
15:14:24.0819 3168  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:14:24.0835 3168  clr_optimization_v4.0.30319_32 - ok
15:14:24.0881 3168  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:14:24.0881 3168  clr_optimization_v4.0.30319_64 - ok
15:14:24.0913 3168  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:14:24.0944 3168  CmBatt - ok
15:14:24.0959 3168  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:14:24.0975 3168  cmdide - ok
15:14:25.0006 3168  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:14:25.0037 3168  CNG - ok
15:14:25.0053 3168  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:14:25.0069 3168  Compbatt - ok
15:14:25.0115 3168  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:14:25.0131 3168  CompositeBus - ok
15:14:25.0162 3168  COMSysApp - ok
15:14:25.0162 3168  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:14:25.0178 3168  crcdisk - ok
15:14:25.0225 3168  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:14:25.0256 3168  CryptSvc - ok
15:14:25.0318 3168  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
15:14:25.0349 3168  CSC - ok
15:14:25.0396 3168  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:14:25.0427 3168  CscService - ok
15:14:25.0474 3168  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:14:25.0537 3168  DcomLaunch - ok
15:14:25.0583 3168  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:14:25.0630 3168  defragsvc - ok
15:14:25.0661 3168  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:14:25.0708 3168  DfsC - ok
15:14:25.0739 3168  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:14:25.0771 3168  Dhcp - ok
15:14:25.0786 3168  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:14:25.0817 3168  discache - ok
15:14:25.0849 3168  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:14:25.0864 3168  Disk - ok
15:14:25.0895 3168  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:14:25.0927 3168  Dnscache - ok
15:14:25.0958 3168  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:14:26.0005 3168  dot3svc - ok
15:14:26.0036 3168  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:14:26.0083 3168  DPS - ok
15:14:26.0129 3168  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:14:26.0161 3168  drmkaud - ok
15:14:26.0207 3168  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:14:26.0239 3168  DXGKrnl - ok
15:14:26.0270 3168  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:14:26.0317 3168  EapHost - ok
15:14:26.0410 3168  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:14:26.0488 3168  ebdrv - ok
15:14:26.0535 3168  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:14:26.0551 3168  EFS - ok
15:14:26.0613 3168  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:14:26.0660 3168  ehRecvr - ok
15:14:26.0691 3168  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:14:26.0722 3168  ehSched - ok
15:14:26.0785 3168  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:14:26.0800 3168  elxstor - ok
15:14:26.0878 3168  [ DE9402E080E9E3C94A9FD3FCF65DE369 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
15:14:26.0909 3168  enecir - ok
15:14:26.0941 3168  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:14:26.0956 3168  ErrDev - ok
15:14:27.0019 3168  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:14:27.0050 3168  EventSystem - ok
15:14:27.0097 3168  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:14:27.0143 3168  exfat - ok
15:14:27.0175 3168  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:14:27.0221 3168  fastfat - ok
15:14:27.0268 3168  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:14:27.0299 3168  Fax - ok
15:14:27.0331 3168  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:14:27.0331 3168  fdc - ok
15:14:27.0362 3168  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:14:27.0409 3168  fdPHost - ok
15:14:27.0424 3168  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:14:27.0487 3168  FDResPub - ok
15:14:27.0502 3168  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:14:27.0518 3168  FileInfo - ok
15:14:27.0549 3168  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:14:27.0596 3168  Filetrace - ok
15:14:27.0596 3168  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:14:27.0627 3168  flpydisk - ok
15:14:27.0643 3168  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:14:27.0658 3168  FltMgr - ok
15:14:27.0705 3168  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:14:27.0736 3168  FontCache - ok
15:14:27.0783 3168  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:14:27.0783 3168  FontCache3.0.0.0 - ok
15:14:27.0814 3168  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:14:27.0830 3168  FsDepends - ok
15:14:27.0830 3168  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:14:27.0845 3168  Fs_Rec - ok
15:14:27.0892 3168  [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
15:14:27.0892 3168  FTDIBUS - ok
15:14:27.0923 3168  [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
15:14:27.0939 3168  FTSER2K - ok
15:14:27.0986 3168  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:14:28.0017 3168  fvevol - ok
15:14:28.0048 3168  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:14:28.0064 3168  gagp30kx - ok
15:14:28.0126 3168  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:14:28.0126 3168  GEARAspiWDM - ok
15:14:28.0157 3168  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:14:28.0220 3168  gpsvc - ok
15:14:28.0329 3168  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:28.0345 3168  gupdate - ok
15:14:28.0376 3168  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:28.0391 3168  gupdatem - ok
15:14:28.0423 3168  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:14:28.0438 3168  hcw85cir - ok
15:14:28.0501 3168  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:14:28.0516 3168  HdAudAddService - ok
15:14:28.0547 3168  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:14:28.0594 3168  HDAudBus - ok
15:14:28.0610 3168  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:14:28.0641 3168  HidBatt - ok
15:14:28.0657 3168  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:14:28.0688 3168  HidBth - ok
15:14:28.0735 3168  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:14:28.0750 3168  HidIr - ok
15:14:28.0766 3168  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:14:28.0813 3168  hidserv - ok
15:14:28.0859 3168  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:14:28.0875 3168  HidUsb - ok
15:14:28.0906 3168  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:14:28.0953 3168  hkmsvc - ok
15:14:28.0984 3168  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:14:29.0000 3168  HomeGroupListener - ok
15:14:29.0047 3168  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:14:29.0062 3168  HomeGroupProvider - ok
15:14:29.0093 3168  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
15:14:29.0109 3168  hpdskflt - ok
15:14:29.0156 3168  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:14:29.0171 3168  HpSAMD - ok
15:14:29.0187 3168  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
15:14:29.0203 3168  hpsrv - ok
15:14:29.0234 3168  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:14:29.0281 3168  HTCAND64 - ok
15:14:29.0327 3168  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
15:14:29.0343 3168  htcnprot - ok
15:14:29.0374 3168  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:14:29.0437 3168  HTTP - ok
15:14:29.0452 3168  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:14:29.0468 3168  hwpolicy - ok
15:14:29.0499 3168  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:14:29.0515 3168  i8042prt - ok
15:14:29.0546 3168  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:14:29.0577 3168  iaStorV - ok
15:14:29.0608 3168  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:14:29.0639 3168  idsvc - ok
15:14:29.0671 3168  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:14:29.0686 3168  iirsp - ok
15:14:29.0733 3168  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:14:29.0795 3168  IKEEXT - ok
15:14:29.0827 3168  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:14:29.0842 3168  intelide - ok
15:14:29.0873 3168  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:14:29.0889 3168  intelppm - ok
15:14:29.0920 3168  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:14:29.0967 3168  IPBusEnum - ok
15:14:29.0998 3168  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:14:30.0045 3168  IpFilterDriver - ok
15:14:30.0092 3168  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:14:30.0123 3168  iphlpsvc - ok
15:14:30.0154 3168  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:14:30.0185 3168  IPMIDRV - ok
15:14:30.0217 3168  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:14:30.0263 3168  IPNAT - ok
15:14:30.0341 3168  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:14:30.0357 3168  iPod Service - ok
15:14:30.0388 3168  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:14:30.0451 3168  IRENUM - ok
15:14:30.0482 3168  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:14:30.0498 3168  isapnp - ok
15:14:30.0529 3168  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:14:30.0544 3168  iScsiPrt - ok
15:14:30.0607 3168  [ 54DF9EAFB54A98E1A2AC3DB69C16CF05 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
15:14:30.0607 3168  JMCR ( UnsignedFile.Multi.Generic ) - warning
15:14:30.0607 3168  JMCR - detected UnsignedFile.Multi.Generic (1)
15:14:30.0622 3168  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:14:30.0638 3168  kbdclass - ok
15:14:30.0654 3168  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:14:30.0669 3168  kbdhid - ok
15:14:30.0685 3168  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:14:30.0700 3168  KeyIso - ok
15:14:30.0763 3168  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
15:14:30.0778 3168  kl1 - ok
15:14:30.0841 3168  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
15:14:30.0872 3168  KLIF - ok
15:14:30.0919 3168  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
15:14:30.0934 3168  KLIM6 - ok
15:14:30.0981 3168  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
15:14:30.0997 3168  klkbdflt - ok
15:14:31.0028 3168  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
15:14:31.0028 3168  klmouflt - ok
15:14:31.0090 3168  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
15:14:31.0106 3168  kltdi - ok
15:14:31.0137 3168  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
15:14:31.0153 3168  kneps - ok
15:14:31.0184 3168  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:14:31.0200 3168  KSecDD - ok
15:14:31.0215 3168  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:14:31.0231 3168  KSecPkg - ok
15:14:31.0262 3168  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:14:31.0309 3168  ksthunk - ok
15:14:31.0356 3168  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:14:31.0402 3168  KtmRm - ok
15:14:31.0465 3168  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:14:31.0512 3168  LanmanServer - ok
15:14:31.0543 3168  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:14:31.0590 3168  LanmanWorkstation - ok
15:14:31.0621 3168  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:14:31.0668 3168  lltdio - ok
15:14:31.0699 3168  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:14:31.0730 3168  lltdsvc - ok
15:14:31.0761 3168  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:14:31.0792 3168  lmhosts - ok
15:14:31.0824 3168  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:14:31.0839 3168  LSI_FC - ok
15:14:31.0870 3168  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:14:31.0886 3168  LSI_SAS - ok
15:14:31.0886 3168  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:14:31.0902 3168  LSI_SAS2 - ok
15:14:31.0917 3168  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:14:31.0933 3168  LSI_SCSI - ok
15:14:31.0964 3168  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:14:32.0011 3168  luafv - ok
15:14:32.0042 3168  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:14:32.0073 3168  Mcx2Svc - ok
15:14:32.0104 3168  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:14:32.0104 3168  megasas - ok
15:14:32.0136 3168  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:14:32.0151 3168  MegaSR - ok
15:14:32.0167 3168  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:14:32.0214 3168  MMCSS - ok
15:14:32.0229 3168  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:14:32.0292 3168  Modem - ok
15:14:32.0323 3168  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:14:32.0354 3168  monitor - ok
15:14:32.0401 3168  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:14:32.0416 3168  mouclass - ok
15:14:32.0448 3168  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:14:32.0479 3168  mouhid - ok
15:14:32.0510 3168  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:14:32.0526 3168  mountmgr - ok
15:14:32.0557 3168  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:14:32.0572 3168  mpio - ok
15:14:32.0604 3168  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:14:32.0635 3168  mpsdrv - ok
15:14:32.0682 3168  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:14:32.0728 3168  MpsSvc - ok
15:14:32.0744 3168  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:14:32.0775 3168  MRxDAV - ok
15:14:32.0806 3168  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:14:32.0838 3168  mrxsmb - ok
15:14:32.0869 3168  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:14:32.0916 3168  mrxsmb10 - ok
15:14:32.0931 3168  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:14:32.0962 3168  mrxsmb20 - ok
15:14:32.0978 3168  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:14:32.0994 3168  msahci - ok
15:14:33.0009 3168  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:14:33.0025 3168  msdsm - ok
15:14:33.0056 3168  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:14:33.0087 3168  MSDTC - ok
15:14:33.0118 3168  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:14:33.0150 3168  Msfs - ok
15:14:33.0165 3168  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:14:33.0196 3168  mshidkmdf - ok
15:14:33.0212 3168  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:14:33.0228 3168  msisadrv - ok
15:14:33.0274 3168  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:14:33.0306 3168  MSiSCSI - ok
15:14:33.0321 3168  msiserver - ok
15:14:33.0352 3168  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:14:33.0399 3168  MSKSSRV - ok
15:14:33.0415 3168  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:14:33.0446 3168  MSPCLOCK - ok
15:14:33.0462 3168  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:14:33.0508 3168  MSPQM - ok
15:14:33.0540 3168  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:14:33.0555 3168  MsRPC - ok
15:14:33.0602 3168  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:14:33.0618 3168  mssmbios - ok
15:14:33.0649 3168  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:14:33.0696 3168  MSTEE - ok
15:14:33.0711 3168  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:14:33.0727 3168  MTConfig - ok
15:14:33.0742 3168  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:14:33.0758 3168  Mup - ok
15:14:33.0789 3168  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:14:33.0852 3168  napagent - ok
15:14:33.0898 3168  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:14:33.0930 3168  NativeWifiP - ok
15:14:33.0976 3168  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:14:34.0008 3168  NDIS - ok
15:14:34.0039 3168  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:14:34.0070 3168  NdisCap - ok
15:14:34.0086 3168  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:14:34.0148 3168  NdisTapi - ok
15:14:34.0179 3168  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:14:34.0226 3168  Ndisuio - ok
15:14:34.0242 3168  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:14:34.0304 3168  NdisWan - ok
15:14:34.0320 3168  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:14:34.0382 3168  NDProxy - ok
15:14:34.0413 3168  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:14:34.0460 3168  NetBIOS - ok
15:14:34.0491 3168  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:14:34.0522 3168  NetBT - ok
15:14:34.0554 3168  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:14:34.0569 3168  Netlogon - ok
15:14:34.0600 3168  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:14:34.0647 3168  Netman - ok
15:14:34.0678 3168  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:14:34.0725 3168  netprofm - ok
15:14:34.0756 3168  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:14:34.0756 3168  NetTcpPortSharing - ok
15:14:34.0959 3168  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
15:14:35.0193 3168  NETw5s64 - ok
15:14:35.0334 3168  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
15:14:35.0458 3168  netw5v64 - ok
15:14:35.0505 3168  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:14:35.0521 3168  nfrd960 - ok
15:14:35.0568 3168  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:14:35.0614 3168  NlaSvc - ok
15:14:35.0630 3168  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:14:35.0661 3168  Npfs - ok
15:14:35.0692 3168  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:14:35.0724 3168  nsi - ok
15:14:35.0755 3168  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:14:35.0802 3168  nsiproxy - ok
15:14:35.0848 3168  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:14:35.0895 3168  Ntfs - ok
15:14:35.0926 3168  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:14:35.0973 3168  Null - ok
15:14:36.0020 3168  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
15:14:36.0036 3168  NVHDA - ok
15:14:36.0301 3168  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:14:36.0691 3168  nvlddmkm - ok
15:14:36.0738 3168  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:14:36.0753 3168  nvraid - ok
15:14:36.0784 3168  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:14:36.0800 3168  nvstor - ok
15:14:36.0878 3168  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:14:36.0894 3168  nvsvc - ok
15:14:36.0940 3168  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:14:36.0972 3168  nvUpdatusService - ok
15:14:37.0018 3168  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:14:37.0034 3168  nv_agp - ok
15:14:37.0112 3168  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:14:37.0128 3168  odserv - ok
15:14:37.0159 3168  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:14:37.0174 3168  ohci1394 - ok
15:14:37.0221 3168  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:14:37.0237 3168  ose - ok
15:14:37.0252 3168  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:14:37.0284 3168  p2pimsvc - ok
15:14:37.0330 3168  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:14:37.0346 3168  p2psvc - ok
15:14:37.0393 3168  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:14:37.0408 3168  Parport - ok
15:14:37.0440 3168  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:14:37.0440 3168  partmgr - ok
15:14:37.0518 3168  [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:14:37.0533 3168  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:14:37.0533 3168  PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:14:37.0564 3168  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:14:37.0596 3168  PcaSvc - ok
15:14:37.0627 3168  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:14:37.0642 3168  pci - ok
15:14:37.0674 3168  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:14:37.0674 3168  pciide - ok
15:14:37.0720 3168  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:14:37.0736 3168  pcmcia - ok
15:14:37.0736 3168  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:14:37.0752 3168  pcw - ok
15:14:37.0767 3168  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:14:37.0830 3168  PEAUTH - ok
15:14:37.0908 3168  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:14:37.0939 3168  PeerDistSvc - ok
15:14:38.0017 3168  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:14:38.0032 3168  PerfHost - ok
15:14:38.0095 3168  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:14:38.0157 3168  pla - ok
15:14:38.0188 3168  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:14:38.0220 3168  PlugPlay - ok
15:14:38.0251 3168  PnkBstrA - ok
15:14:38.0282 3168  PnkBstrB - ok
15:14:38.0313 3168  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:14:38.0344 3168  PNRPAutoReg - ok
15:14:38.0360 3168  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:14:38.0376 3168  PNRPsvc - ok
15:14:38.0407 3168  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:14:38.0454 3168  PolicyAgent - ok
15:14:38.0485 3168  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:14:38.0547 3168  Power - ok
15:14:38.0578 3168  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:14:38.0625 3168  PptpMiniport - ok
15:14:38.0656 3168  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:14:38.0688 3168  Processor - ok
15:14:38.0719 3168  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:14:38.0750 3168  ProfSvc - ok
15:14:38.0766 3168  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:14:38.0797 3168  ProtectedStorage - ok
15:14:38.0828 3168  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:14:38.0875 3168  Psched - ok
15:14:38.0922 3168  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:14:38.0953 3168  ql2300 - ok
15:14:38.0984 3168  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:14:39.0000 3168  ql40xx - ok
15:14:39.0031 3168  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:14:39.0078 3168  QWAVE - ok
15:14:39.0093 3168  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:14:39.0140 3168  QWAVEdrv - ok
15:14:39.0171 3168  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:14:39.0202 3168  RasAcd - ok
15:14:39.0234 3168  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:14:39.0280 3168  RasAgileVpn - ok
15:14:39.0312 3168  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:14:39.0358 3168  RasAuto - ok
15:14:39.0374 3168  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:14:39.0421 3168  Rasl2tp - ok
15:14:39.0452 3168  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:14:39.0499 3168  RasMan - ok
15:14:39.0546 3168  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:14:39.0592 3168  RasPppoe - ok
15:14:39.0592 3168  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:14:39.0639 3168  RasSstp - ok
15:14:39.0686 3168  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:14:39.0733 3168  rdbss - ok
15:14:39.0764 3168  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:14:39.0795 3168  rdpbus - ok
15:14:39.0811 3168  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:14:39.0858 3168  RDPCDD - ok
15:14:39.0904 3168  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:14:39.0920 3168  RDPDR - ok
15:14:39.0920 3168  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:14:39.0967 3168  RDPENCDD - ok
15:14:39.0982 3168  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:14:40.0014 3168  RDPREFMP - ok
15:14:40.0060 3168  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:14:40.0092 3168  RdpVideoMiniport - ok
15:14:40.0123 3168  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:14:40.0154 3168  RDPWD - ok
15:14:40.0201 3168  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:14:40.0216 3168  rdyboost - ok
15:14:40.0248 3168  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:14:40.0294 3168  RemoteAccess - ok
15:14:40.0341 3168  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:14:40.0372 3168  RemoteRegistry - ok
15:14:40.0435 3168  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:14:40.0450 3168  RFCOMM - ok
15:14:40.0482 3168  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:14:40.0528 3168  RpcEptMapper - ok
15:14:40.0560 3168  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:14:40.0575 3168  RpcLocator - ok
15:14:40.0606 3168  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:14:40.0653 3168  RpcSs - ok
15:14:40.0669 3168  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:14:40.0716 3168  rspndr - ok
15:14:40.0762 3168  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:14:40.0809 3168  RTL8167 - ok
15:14:40.0825 3168  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:14:40.0840 3168  SamSs - ok
15:14:40.0856 3168  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:14:40.0872 3168  sbp2port - ok
15:14:40.0918 3168  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:14:40.0965 3168  SCardSvr - ok
15:14:40.0996 3168  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:14:41.0043 3168  scfilter - ok
15:14:41.0090 3168  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:14:41.0152 3168  Schedule - ok
15:14:41.0184 3168  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:14:41.0230 3168  SCPolicySvc - ok
15:14:41.0246 3168  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:14:41.0277 3168  sdbus - ok
15:14:41.0293 3168  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:14:41.0324 3168  SDRSVC - ok
15:14:41.0355 3168  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:14:41.0402 3168  secdrv - ok
15:14:41.0418 3168  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:14:41.0480 3168  seclogon - ok
15:14:41.0496 3168  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:14:41.0542 3168  SENS - ok
15:14:41.0574 3168  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:14:41.0589 3168  SensrSvc - ok
15:14:41.0620 3168  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:14:41.0652 3168  Serenum - ok
15:14:41.0683 3168  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:14:41.0698 3168  Serial - ok
15:14:41.0714 3168  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:14:41.0745 3168  sermouse - ok
15:14:41.0776 3168  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:14:41.0823 3168  SessionEnv - ok
15:14:41.0854 3168  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:14:41.0886 3168  sffdisk - ok
15:14:41.0901 3168  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:14:41.0932 3168  sffp_mmc - ok
15:14:41.0948 3168  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:14:41.0979 3168  sffp_sd - ok
15:14:42.0026 3168  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:14:42.0042 3168  sfloppy - ok
15:14:42.0073 3168  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:14:42.0120 3168  SharedAccess - ok
15:14:42.0151 3168  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:14:42.0213 3168  ShellHWDetection - ok
15:14:42.0260 3168  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:14:42.0276 3168  SiSRaid2 - ok
15:14:42.0322 3168  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:14:42.0338 3168  SiSRaid4 - ok
15:14:42.0385 3168  [ A42C09C8E60FCDCCE04B722FDD4E8694 ] SLEE_18_DRIVER  C:\Windows\Sleen1864.sys
15:14:42.0385 3168  SLEE_18_DRIVER - ok
15:14:42.0416 3168  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:14:42.0463 3168  Smb - ok
15:14:42.0510 3168  [ D4FB7A2D9832F7567555066F53BF47BF ] SMIGrabber3C    C:\Windows\system32\Drivers\SmiUsbGrabber3C.sys
15:14:42.0541 3168  SMIGrabber3C - ok
15:14:42.0588 3168  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:14:42.0603 3168  SNMPTRAP - ok
15:14:42.0634 3168  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:14:42.0634 3168  spldr - ok
15:14:42.0681 3168  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:14:42.0712 3168  Spooler - ok
15:14:42.0806 3168  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:14:42.0900 3168  sppsvc - ok
15:14:42.0931 3168  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:14:42.0978 3168  sppuinotify - ok
15:14:43.0024 3168  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:14:43.0071 3168  srv - ok
15:14:43.0087 3168  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:14:43.0118 3168  srv2 - ok
15:14:43.0118 3168  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:14:43.0134 3168  srvnet - ok
15:14:43.0196 3168  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:14:43.0243 3168  SSDPSRV - ok
15:14:43.0258 3168  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:14:43.0290 3168  SstpSvc - ok
15:14:43.0368 3168  [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
15:14:43.0414 3168  STacSV - ok
15:14:43.0477 3168  Steam Client Service - ok
15:14:43.0508 3168  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:14:43.0524 3168  stexstor - ok
15:14:43.0555 3168  [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
15:14:43.0602 3168  STHDA - ok
15:14:43.0633 3168  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:14:43.0680 3168  stisvc - ok
15:14:43.0758 3168  [ DF3E643F066534BDE8E1A91E94AF3125 ] StkCMini        C:\Windows\system32\Drivers\StkCMini.sys
15:14:43.0804 3168  StkCMini - ok
15:14:43.0820 3168  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:14:43.0836 3168  StorSvc - ok
15:14:43.0867 3168  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:14:43.0882 3168  swenum - ok
15:14:43.0914 3168  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:14:43.0976 3168  swprv - ok
15:14:44.0054 3168  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:14:44.0070 3168  SynTP - ok
15:14:44.0116 3168  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:14:44.0179 3168  SysMain - ok
15:14:44.0210 3168  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:14:44.0241 3168  TabletInputService - ok
15:14:44.0272 3168  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:14:44.0335 3168  TapiSrv - ok
15:14:44.0350 3168  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:14:44.0382 3168  TBS - ok
15:14:44.0460 3168  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:14:44.0506 3168  Tcpip - ok
15:14:44.0538 3168  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:14:44.0584 3168  TCPIP6 - ok
15:14:44.0600 3168  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:14:44.0631 3168  tcpipreg - ok
15:14:44.0662 3168  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:14:44.0678 3168  TDPIPE - ok
15:14:44.0709 3168  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:14:44.0725 3168  TDTCP - ok
15:14:44.0756 3168  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:14:44.0818 3168  tdx - ok
15:14:44.0850 3168  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:14:44.0865 3168  TermDD - ok
15:14:44.0896 3168  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:14:44.0943 3168  TermService - ok
15:14:44.0974 3168  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:14:45.0006 3168  Themes - ok
15:14:45.0037 3168  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:14:45.0068 3168  THREADORDER - ok
15:14:45.0146 3168  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
15:14:45.0162 3168  TomTomHOMEService - ok
15:14:45.0193 3168  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:14:45.0240 3168  TrkWks - ok
15:14:45.0286 3168  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:14:45.0333 3168  TrustedInstaller - ok
15:14:45.0364 3168  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:14:45.0396 3168  tssecsrv - ok
15:14:45.0442 3168  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:14:45.0474 3168  TsUsbFlt - ok
15:14:45.0583 3168  [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
15:14:45.0630 3168  TuneUp.UtilitiesSvc - ok
15:14:45.0692 3168  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
15:14:45.0692 3168  TuneUpUtilitiesDrv - ok
15:14:45.0754 3168  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:14:45.0801 3168  tunnel - ok
15:14:45.0832 3168  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:14:45.0848 3168  uagp35 - ok
15:14:45.0879 3168  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:14:45.0926 3168  udfs - ok
15:14:45.0973 3168  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:14:45.0988 3168  UI0Detect - ok
15:14:46.0035 3168  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:14:46.0051 3168  uliagpkx - ok
15:14:46.0098 3168  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:14:46.0113 3168  umbus - ok
15:14:46.0160 3168  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:14:46.0176 3168  UmPass - ok
15:14:46.0222 3168  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:14:46.0238 3168  UmRdpService - ok
15:14:46.0269 3168  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:14:46.0300 3168  upnphost - ok
15:14:46.0347 3168  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:14:46.0363 3168  usbaudio - ok
15:14:46.0394 3168  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:14:46.0441 3168  usbccgp - ok
15:14:46.0472 3168  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:14:46.0488 3168  usbcir - ok
15:14:46.0503 3168  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:14:46.0534 3168  usbehci - ok
15:14:46.0581 3168  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:14:46.0612 3168  usbhub - ok
15:14:46.0628 3168  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:14:46.0659 3168  usbohci - ok
15:14:46.0690 3168  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:14:46.0722 3168  usbprint - ok
15:14:46.0737 3168  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:14:46.0753 3168  usbscan - ok
15:14:46.0800 3168  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
15:14:46.0831 3168  usbser - ok
15:14:46.0846 3168  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:14:46.0878 3168  USBSTOR - ok
15:14:46.0893 3168  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:14:46.0924 3168  usbuhci - ok
15:14:46.0971 3168  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:14:47.0002 3168  usbvideo - ok
15:14:47.0049 3168  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
15:14:47.0080 3168  usb_rndisx - ok
15:14:47.0112 3168  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:14:47.0143 3168  UxSms - ok
15:14:47.0221 3168  [ 5BF180F7F7C2F68ED6D5777840270BCE ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
15:14:47.0236 3168  UxTuneUp - ok
15:14:47.0236 3168  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:14:47.0252 3168  VaultSvc - ok
15:14:47.0299 3168  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:14:47.0314 3168  vdrvroot - ok
15:14:47.0346 3168  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:14:47.0377 3168  vds - ok
15:14:47.0408 3168  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:14:47.0424 3168  vga - ok
15:14:47.0439 3168  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:14:47.0486 3168  VgaSave - ok
15:14:47.0533 3168  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:14:47.0548 3168  vhdmp - ok
15:14:47.0564 3168  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:14:47.0580 3168  viaide - ok
15:14:47.0611 3168  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:14:47.0626 3168  volmgr - ok
15:14:47.0626 3168  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:14:47.0658 3168  volmgrx - ok
15:14:47.0673 3168  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:14:47.0689 3168  volsnap - ok
15:14:47.0720 3168  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:14:47.0736 3168  vsmraid - ok
15:14:47.0798 3168  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:14:47.0876 3168  VSS - ok
15:14:47.0892 3168  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:14:47.0923 3168  vwifibus - ok
15:14:47.0954 3168  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:14:47.0985 3168  vwififlt - ok
15:14:48.0016 3168  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:14:48.0063 3168  W32Time - ok
15:14:48.0094 3168  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:14:48.0126 3168  WacomPen - ok
15:14:48.0172 3168  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:14:48.0219 3168  WANARP - ok
15:14:48.0219 3168  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:14:48.0266 3168  Wanarpv6 - ok
15:14:48.0313 3168  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:14:48.0360 3168  wbengine - ok
15:14:48.0391 3168  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:14:48.0406 3168  WbioSrvc - ok
15:14:48.0438 3168  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:14:48.0484 3168  wcncsvc - ok
15:14:48.0500 3168  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:14:48.0516 3168  WcsPlugInService - ok
15:14:48.0547 3168  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:14:48.0562 3168  Wd - ok
15:14:48.0594 3168  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:14:48.0625 3168  Wdf01000 - ok
15:14:48.0656 3168  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:14:48.0734 3168  WdiServiceHost - ok
15:14:48.0734 3168  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:14:48.0750 3168  WdiSystemHost - ok
15:14:48.0781 3168  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:14:48.0812 3168  WebClient - ok
15:14:48.0843 3168  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:14:48.0906 3168  Wecsvc - ok
15:14:48.0921 3168  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:14:48.0968 3168  wercplsupport - ok
15:14:48.0999 3168  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:14:49.0062 3168  WerSvc - ok
15:14:49.0093 3168  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:14:49.0124 3168  WfpLwf - ok
15:14:49.0155 3168  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:14:49.0171 3168  WIMMount - ok
15:14:49.0186 3168  WinDefend - ok
15:14:49.0186 3168  WinHttpAutoProxySvc - ok
15:14:49.0233 3168  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:14:49.0264 3168  Winmgmt - ok
15:14:49.0327 3168  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:14:49.0389 3168  WinRM - ok
15:14:49.0452 3168  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:14:49.0483 3168  Wlansvc - ok
15:14:49.0514 3168  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:14:49.0545 3168  WmiAcpi - ok
15:14:49.0576 3168  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:14:49.0608 3168  wmiApSrv - ok
15:14:49.0654 3168  WMPNetworkSvc - ok
15:14:49.0686 3168  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:14:49.0701 3168  WPCSvc - ok
15:14:49.0732 3168  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:14:49.0748 3168  WPDBusEnum - ok
15:14:49.0779 3168  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:14:49.0826 3168  ws2ifsl - ok
15:14:49.0842 3168  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:14:49.0873 3168  wscsvc - ok
15:14:49.0888 3168  WSearch - ok
15:14:49.0951 3168  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:14:50.0013 3168  wuauserv - ok
15:14:50.0044 3168  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:14:50.0060 3168  WudfPf - ok
15:14:50.0091 3168  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:14:50.0122 3168  WUDFRd - ok
15:14:50.0154 3168  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:14:50.0185 3168  wudfsvc - ok
15:14:50.0232 3168  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:14:50.0263 3168  WwanSvc - ok
15:14:50.0294 3168  ================ Scan global ===============================
15:14:50.0310 3168  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:14:50.0341 3168  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:14:50.0341 3168  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:14:50.0372 3168  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:14:50.0403 3168  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:14:50.0403 3168  [Global] - ok
15:14:50.0403 3168  ================ Scan MBR ==================================
15:14:50.0403 3168  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:14:51.0386 3168  \Device\Harddisk1\DR1 - ok
15:14:51.0386 3168  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:14:52.0525 3168  \Device\Harddisk0\DR0 - ok
15:14:52.0525 3168  ================ Scan VBR ==================================
15:14:52.0572 3168  [ 4BCC6EF388D3C260952092CD9D54EBC4 ] \Device\Harddisk1\DR1\Partition1
15:14:52.0572 3168  \Device\Harddisk1\DR1\Partition1 - ok
15:14:52.0587 3168  [ 4642E006F3215A23D3710EAF03506D67 ] \Device\Harddisk0\DR0\Partition1
15:14:52.0587 3168  \Device\Harddisk0\DR0\Partition1 - ok
15:14:52.0603 3168  [ 59F8167115FB01E072A870F29A0B75BC ] \Device\Harddisk0\DR0\Partition2
15:14:52.0603 3168  \Device\Harddisk0\DR0\Partition2 - ok
15:14:52.0603 3168  ============================================================
15:14:52.0603 3168  Scan finished
15:14:52.0603 3168  ============================================================
15:14:52.0618 1140  Detected object count: 2
15:14:52.0618 1140  Actual detected object count: 2
15:16:49.0323 1140  JMCR ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:49.0323 1140  JMCR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:16:49.0323 1140  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:49.0323 1140  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

06.02.2013, 15:45   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

06.02.2013, 17:08   #25
spruce

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-03.03 - *** 06.02.2013  16:45:53.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4063.2839 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\ntuser.dat
c:\users\***\AppData\Roaming\072444feebb1a937b227ce9dca4556eb
c:\users\***\AppData\Roaming\1&1
c:\users\***\AppData\Roaming\1&1\1&1 EasyLogin\ErrorLogs\StackTrace.txt
c:\windows\IsUn0407.exe
c:\windows\SysWow64\FirewallInstallHelper.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-06 bis 2013-02-06  ))))))))))))))))))))))))))))))
.
.
2013-02-04 09:28 . 2013-02-04 09:28	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{77785C50-566D-4B0A-B976-4469CF7A0DB9}\offreg.dll
2013-02-03 10:49 . 2013-02-03 10:49	--------	d-----w-	c:\programdata\IObit
2013-02-03 10:49 . 2013-02-03 10:49	--------	d-----w-	c:\users\***\AppData\Roaming\IObit
2013-02-03 10:49 . 2013-02-03 10:49	--------	d-----w-	c:\program files (x86)\IObit
2013-02-03 09:55 . 2013-02-03 09:57	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-02-03 09:50 . 2013-02-04 08:46	--------	d-----w-	c:\users\***\AppData\Roaming\QuickScan
2013-02-02 15:41 . 2013-02-02 15:41	310688	----a-w-	c:\windows\system32\javaws.exe
2013-02-02 15:41 . 2013-02-02 15:41	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-02 15:41 . 2013-02-02 15:41	188832	----a-w-	c:\windows\system32\javaw.exe
2013-02-02 15:41 . 2013-02-02 15:41	188320	----a-w-	c:\windows\system32\java.exe
2013-02-02 15:41 . 2013-02-02 15:41	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-02 15:40 . 2013-02-02 15:40	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-01 14:43 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{77785C50-566D-4B0A-B976-4469CF7A0DB9}\mpengine.dll
2013-02-01 10:27 . 2013-02-01 10:27	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-02-01 10:26 . 2013-02-01 10:26	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-01 10:26 . 2013-02-01 10:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-01 10:26 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-14 21:49 . 2013-01-14 21:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-14 21:49 . 2013-02-02 15:40	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-14 21:18 . 2013-01-14 21:18	--------	d-----w-	c:\program files (x86)\Common Files\Steganos Online-Banking 2012
2013-01-08 18:46 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-08 14:22 . 2013-01-08 14:22	91112	----a-w-	c:\windows\SysWow64\drivers\SleeN18.sys
2013-01-08 14:22 . 2013-01-08 14:22	108648	----a-w-	c:\windows\SleeN1864.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 15:41 . 2011-09-12 08:07	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-02 15:40 . 2012-04-09 07:02	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2011-09-09 22:25	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-13 15:38 . 2012-03-31 19:35	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 15:38 . 2011-09-13 06:25	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 18:49 . 2011-09-10 06:16	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 15:40	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:40	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:40	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-08 18:47	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 19:57 . 2012-11-01 19:35	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2012-11-14 19:57 . 2012-06-08 10:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-11-14 07:06 . 2012-12-13 09:28	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:28	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:28	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:28	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:28	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:28	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:28	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:28	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:28	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:28	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:28	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:28	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:28	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:28	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:28	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:28	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:28	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:28	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:28	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:28	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:28	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:28	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 09:27	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 09:27	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-14 356376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"UVS10 Preload"=c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [2012-02-08 346496]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 128352]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys [2011-01-26 821888]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968]
R3 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-14 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\Sleen1864.sys [2013-01-08 14:22 108648]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2012-01-03 36864]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-02 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-02 29528]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:38]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 06:53]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 06:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"ACPW06DE"="c:\program files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" [2012-11-14 1231992]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startfenster.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6cg93i33.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - ExtSQL: 2013-02-03 10:50; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6cg93i33.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.032"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.abr"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.ani"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.apd"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.arw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.bay"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.bmp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.cr2"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.crw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.cs1"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.cur"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.dcr"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.dcx"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.dib"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.djv"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.djvu"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.dng"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.emf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.eps"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.erf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.fff"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.gif"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.hdr"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.icl"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.icn"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ico"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.iw4"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.j2c"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.j2k"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jbr"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jfif"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jif"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jp2"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jpc"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jpe"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jpeg"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jpg"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jpk"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.jpx"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.kdc"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.mef"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.mos"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.mrw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.nef"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.nrw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.orf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pbr"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pcd"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pct"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pcx"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pef"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pic"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pict"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.plp\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.plp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.png"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.psd"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.psp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pspbrush"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.pspimage"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.raf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.raw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.rle"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.rw2"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.rwl"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.sr2"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.srf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.srw"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.tga"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.thm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.tif"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.tiff"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.ttc"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.ttf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.wbm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.wbmp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.wmf"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.xif"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (S-1-5-21-1033865684-3003369846-1962460693-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\SecuROM\License information*]
"datasecu"=hex:b2,3f,d5,c2,8c,0c,1d,71,ed,ee,20,5f,61,c1,3f,e7,d4,38,f1,25,1c,
   9f,37,ef,90,54,c5,a4,f9,5b,6f,59,fc,8f,61,f8,0d,98,7a,71,d4,7a,95,4d,79,33,\
"rkeysecu"=hex:6f,e5,74,69,51,32,f6,e3,22,41,81,5a,b2,f3,7e,66
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-06  17:00:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-06 16:00
.
Vor Suchlauf: 14 Verzeichnis(se), 206.328.197.120 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 206.343.675.904 Bytes frei
.
- - End Of File - - 0CA99C881532ACCFB54770179A7350C6
         
--- --- ---

06.02.2013, 21:23   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users checkbox at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

06.02.2013, 22:40   #27
spruce

It was just a restart!


AdwCleaner Logfile:
Code:
# AdwCleaner v2.111 - Datei am 06/02/2013 um 22:31:47 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer :  - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startfenster.com --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\6cg93i33.default\prefs.js

C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\6cg93i33.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1622 octets] - [06/02/2013 22:31:47]

########## EOF - C:\AdwCleaner[S1].txt - [1682 octets] ##########
         

OTL:

Code:
OTL logfile created on: 06.02.2013 22:56:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,51% Memory free
7,93 Gb Paging File | 6,05 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 192,30 Gb Free Space | 64,51% Space Free | Partition Type: NTFS
Drive E: | 29,30 Gb Total Space | 1,36 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive F: | 268,79 Gb Total Space | 11,49 Gb Free Space | 4,27% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko18\content_blocker_xpcom.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6cg93i33.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AVEO) -- C:\Windows\SysNative\drivers\AVEOdcnt.sys (AVEO)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SMIGrabber3C) -- C:\Windows\SysNative\drivers\SmiUsbGrabber3C.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\drivers\StkCMini.sys (Syntek)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (SLEE_18_DRIVER) -- C:\Windows\SleeN1864.sys (Softwareentwicklung Remus - ArchiCrypt - )
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 77 F2 5B 0B E2 CC 01  [binary data]
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1033865684-3003369846-1962460693-1006\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: last-tab-close-button%40victor.sacharin:0.3.7
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 22:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 15:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.08 10:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.30 10:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.30 10:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.18 16:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.03 10:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cg93i33.default\extensions
[2013.01.11 11:50:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cg93i33.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.03 10:50:17 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cg93i33.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.02.09 07:16:37 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cg93i33.default\extensions\piclens@cooliris.com
[2012.11.20 19:03:50 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cg93i33.default\extensions\support@lastpass.com
[2012.12.08 15:38:13 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6cg93i33.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2012.08.29 06:31:31 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6cg93i33.default\extensions\extension@ciuvo.com.xpi
[2012.06.15 20:41:48 | 000,007,834 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6cg93i33.default\extensions\last-tab-close-button@victor.sacharin.xpi
[2013.01.05 13:41:28 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6cg93i33.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.01.31 20:18:36 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6cg93i33.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.04 05:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.06 15:02:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.20 22:05:54 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.20 22:05:54 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.20 22:05:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2013.02.06 15:02:30 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 22:21:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.11 12:21:51 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.06 16:54:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [ACPW06DE] C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1006..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1033865684-3003369846-1962460693-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E289121-9390-4722-9F7F-D758BB2AC8AB}: DhcpNameServer = 217.66.52.10 195.226.176.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCF8C36D-BC6C-4AEA-8134-6CACCF7DBD62}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.06 17:00:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.06 16:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.06 16:43:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.06 16:43:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.06 16:43:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.06 16:43:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.06 16:43:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.06 15:53:25 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.06 15:09:27 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.05 14:29:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.02.05 10:01:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar-1.01.0.1017
[2013.02.03 12:09:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.03 11:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.02.03 11:49:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IObit
[2013.02.03 11:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.02.03 11:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 10:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013.02.03 10:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.03 10:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2013.02.02 16:41:33 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.02 16:41:33 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.02 16:41:21 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.02 16:41:21 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.02 16:41:21 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.02 16:40:18 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.02 16:40:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.02 16:40:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.02 16:40:05 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.01 11:27:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.02.01 11:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.01 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.01 11:26:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.01 11:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.26 01:11:07 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2013.01.26 01:11:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2013.01.23 11:40:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HEILFASTEN
[2013.01.20 14:40:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\uns-senden
[2013.01.14 22:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.14 22:49:23 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.14 22:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online-Banking 2012
[2013.01.14 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos Online-Banking 2012
[2013.01.08 19:47:16 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.08 19:47:15 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.08 19:47:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.08 19:47:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.08 19:47:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.08 19:47:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.08 19:47:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.08 19:47:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.08 19:47:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.08 19:47:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.08 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.08 19:47:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.08 19:47:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.08 19:47:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.08 19:47:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.08 19:47:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.08 19:47:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.08 19:47:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.08 19:47:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.08 19:47:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.08 19:47:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.08 19:47:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.08 19:47:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.08 19:47:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.08 19:46:59 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.08 19:46:59 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.08 19:46:58 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.08 19:46:44 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.08 19:46:44 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.08 19:46:44 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.08 19:46:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.08 19:46:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.08 19:46:44 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.08 19:46:44 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.08 19:46:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.08 19:46:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.08 19:46:44 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.08 19:46:44 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.08 19:46:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.08 19:46:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.08 19:46:44 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.08 19:46:44 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.08 19:46:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.08 19:46:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.08 19:46:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.08 19:46:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.08 19:46:44 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.08 19:46:44 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.08 19:46:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.08 19:46:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.08 19:46:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.08 19:46:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.08 19:46:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.08 19:46:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.08 19:46:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.08 19:46:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.08 19:46:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.08 19:46:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.08 19:46:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.08 19:46:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.08 19:46:16 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.08 15:22:10 | 000,108,648 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt - ) -- C:\Windows\SleeN1864.sys
[2013.01.08 15:22:10 | 000,091,112 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt - ) -- C:\Windows\SysWow64\drivers\SleeN18.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 22:41:15 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 22:41:15 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 22:40:54 | 000,803,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.06 22:40:54 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.06 22:40:54 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.06 22:40:54 | 000,017,478 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.06 22:40:54 | 000,009,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.06 22:33:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 22:33:28 | 3195,236,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.06 22:30:41 | 000,582,209 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.06 21:38:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.06 16:54:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.06 15:53:53 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.06 15:09:30 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.06 12:45:33 | 777,887,095 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.06 12:23:33 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.02.05 15:58:14 | 000,000,131 | ---- | M] () -- C:\Users\***\.jalbum-recent-projects.properties
[2013.02.05 15:12:49 | 000,000,446 | ---- | M] () -- C:\Users\***\.jalbum-ftp-accounts.xml
[2013.02.05 14:30:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.02.05 14:28:20 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.04 09:54:58 | 000,057,224 | ---- | M] () -- C:\Users\***\Desktop\TK3.pdf
[2013.02.03 21:24:31 | 000,046,027 | ---- | M] () -- C:\Users\***\Desktop\benkingsley.jpg
[2013.02.03 12:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.03 10:55:52 | 000,001,228 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2013.02.02 16:41:17 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.02 16:41:17 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.02 16:41:17 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.02 16:41:17 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.02 16:41:16 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.02 16:41:16 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.02.02 16:40:01 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.02 16:40:01 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.02 16:40:01 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.02 16:40:01 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.02 16:40:01 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.02 16:40:01 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.01 14:24:56 | 000,073,463 | ---- | M] () -- C:\Users\***\Desktop\13-0358-PI-nescafe.pdf
[2013.02.01 11:26:17 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 20:42:09 | 000,834,048 | ---- | M] () -- C:\Users\***\Documents\Thomas Geld.stb
[2013.01.29 14:14:08 | 000,497,117 | ---- | M] () -- C:\Users\***\Desktop\schimmel-fischer.pdf
[2013.01.24 09:59:31 | 000,283,509 | ---- | M] () -- C:\Users\***\Desktop\Zuschneiden.jpg
[2013.01.24 09:48:39 | 000,031,676 | ---- | M] () -- C:\Users\***\Desktop\NESCAFE-LOC-LISTE-ATELIERS-2.pdf
[2013.01.13 21:28:50 | 000,082,249 | ---- | M] () -- C:\Users\***\Desktop\NESCAFE-LOC-LISTE-130111-2.pdf
[2013.01.13 20:02:31 | 000,038,381 | ---- | M] () -- C:\Users\***\Desktop\motivtour-130115-1.pdf
[2013.01.13 16:38:57 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.13 16:38:57 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.08 20:25:28 | 002,102,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.08 15:22:10 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) -- C:\Windows\SleeN1864.sys
[2013.01.08 15:22:10 | 000,091,112 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) -- C:\Windows\SysWow64\drivers\SleeN18.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.06 22:30:27 | 000,582,209 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.06 16:43:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.06 16:43:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.06 16:43:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.06 16:43:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.06 16:43:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.06 12:23:33 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.02.05 14:28:17 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.04 09:54:57 | 000,057,224 | ---- | C] () -- C:\Users\***\Desktop\TK3.pdf
[2013.02.03 21:24:29 | 000,046,027 | ---- | C] () -- C:\Users\***\Desktop\benkingsley.jpg
[2013.02.03 10:55:52 | 000,001,228 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2013.02.01 14:24:55 | 000,073,463 | ---- | C] () -- C:\Users\***\Desktop\13-0358-PI-nescafe.pdf
[2013.02.01 11:26:17 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.29 14:14:06 | 000,497,117 | ---- | C] () -- C:\Users\***\Desktop\schimmel-fischer.pdf
[2013.01.24 09:59:31 | 000,283,509 | ---- | C] () -- C:\Users\***\Desktop\Zuschneiden.jpg
[2013.01.24 09:47:28 | 000,031,676 | ---- | C] () -- C:\Users\***\Desktop\NESCAFE-LOC-LISTE-ATELIERS-2.pdf
[2013.01.13 21:28:49 | 000,082,249 | ---- | C] () -- C:\Users\***\Desktop\NESCAFE-LOC-LISTE-130111-2.pdf
[2013.01.13 20:02:30 | 000,038,381 | ---- | C] () -- C:\Users\***\Desktop\motivtour-130115-1.pdf
[2013.01.13 16:38:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.07 00:36:24 | 054,369,963 | ---- | C] () -- C:\Users\***\AppData\Local\AdobeSetupUtility.zip.aamdownload
[2012.12.07 00:36:24 | 000,000,809 | ---- | C] () -- C:\Users\***\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
[2012.10.26 20:26:32 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2012.09.02 10:32:47 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.04.22 21:19:38 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.10.27 21:25:07 | 000,000,042 | ---- | C] () -- C:\Users\***\AppData\Roaming\TheHunterSettings_live.cfg
[2011.10.24 17:03:17 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.24 17:03:15 | 002,506,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.24 17:03:15 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.17 16:53:53 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.17 14:33:41 | 000,076,800 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.12 09:26:58 | 000,000,446 | ---- | C] () -- C:\Users\***\.jalbum-ftp-accounts.xml
[2011.09.12 09:23:50 | 000,000,131 | ---- | C] () -- C:\Users\***\.jalbum-recent-projects.properties
[2011.09.12 09:14:08 | 000,009,590 | ---- | C] () -- C:\Users\***\.jalbum-defaults.jap
[2011.09.11 21:40:46 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
Code:
OTL Extras logfile created on: 06.02.2013 22:56:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,51% Memory free
7,93 Gb Paging File | 6,05 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 192,30 Gb Free Space | 64,51% Space Free | Partition Type: NTFS
Drive E: | 29,30 Gb Total Space | 1,36 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive F: | 268,79 Gb Total Space | 11,49 Gb Free Space | 4,27% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1033865684-3003369846-1962460693-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7E6B0F-940F-484C-B507-4A1E4E24C983}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0E32FC53-67E3-4595-82E4-F825B666880F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{23DE3E40-0AB2-477D-BCEB-54D62E5F876E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2D548D6D-1637-4559-832B-866C18DC7C83}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32D3B0D1-637F-4467-AEAE-A116A9E863F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4F0BD131-DE77-4979-AC6B-49EA18BCB60B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{533E4655-81A6-4F12-B85C-ECB04FF97EC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5988C49F-ACA4-41DF-ADA7-F9B6518449C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5C24E55F-3E68-4E30-8195-6E32485F8AB9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5D315D1F-6CBB-4DBE-8F54-5A5348E446A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{611FF20C-66B1-4BF5-BD96-73C452F72951}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6CAB754D-9385-46E2-848A-E208BBB2BE59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7217C688-D3C2-4DE2-B4D2-D4699EFA46A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{815EA0F0-F9EC-4F08-80FC-67FF02E32091}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9AD787AC-9328-4DC7-86D2-16E07A4CFD1B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B41AF09B-1C81-4136-A49E-7BA76A8F6DAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA269B86-9282-4565-A58F-7EEC7460207B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D275D377-E9DF-4211-82A1-F44E917517B8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D3893C04-4964-4127-804E-467FA3130269}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D38D43CC-4EFB-4AC2-A053-5E670E980675}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCBA531C-85A7-4D9B-923F-530BC3511F29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E8AF9B7B-4743-4D93-B848-3C5450FE588F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FD0E729F-5F2A-4BB0-A0CA-4299D6EF4E40}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0984937E-BD48-460C-8805-C6957283C084}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0DF075BD-D2C2-4C53-B2E5-C6950D0B3ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\frontlines - fuel of war\binaries\ffow.exe | 
"{137133D7-0981-4AA5-BFC2-CD528BB77154}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B0B4B20-5B13-456A-BDCB-AA4414EB874B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C230F3F-E1CF-4EC2-B3F6-861FE7C35347}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2269581D-E572-4831-B59F-F24533974D7E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{26F08786-41C2-4FE8-9D02-FCA49CE5F8BB}" = protocol=6 | dir=out | app=system | 
"{3277BB0F-6B20-4FAE-A856-B5BBB69E0E7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{339A5695-258D-4B5B-9BEF-0B95BB47F73F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3CBB5BDB-935A-498D-BFF9-CD245B30F541}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3F24C669-7E1D-4FC9-9233-929E5B0CC1A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42723790-4120-46E8-BA57-737B1C955B30}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{46D494D6-D9DB-4D62-8000-3132D1CCCF60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{492993B2-1918-4CD6-93E7-0C2059BD0090}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{50962838-7F6F-4FEB-ACAC-E95A975A942F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{53BD20D8-C76D-43DF-99F1-9F45A24D8A66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5A73A2C9-E883-4274-9994-312CE91CAFF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5EB5A6FB-C81B-47B4-BEEF-FD56B5E39345}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{63201D67-EFE4-4BCD-93E3-F8EEA0B2ABCA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{63AAF997-3C60-4910-80C2-231D2AC47F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | 
"{6B23066E-D11F-464E-992A-86D1781AA5E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6B2E23ED-AD68-485B-99AB-52540D63BE4F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6C47AE3B-CC67-4507-8ADC-F8DF2D39234A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6C5D4DC9-4959-4250-84D9-69E97B867342}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{70943A30-704C-4D4A-9AE8-BA07A3AD9286}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{71B2217B-781B-40B3-BBE3-333E1650355F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7233FA5B-1A6B-491D-925A-C4E79A15AF68}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7900CCEB-A856-4E14-873F-E6448338253C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{797EBB82-AEDA-46C8-AFAF-61EB21DEFED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8F2EB7A8-7F48-47F8-B0A4-C3244FD6E377}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9615D337-22C6-4141-A205-F8268F6A650C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C985549-12B3-4D5A-88CD-8DC3B6940A00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9FADFD9F-9B66-460F-A841-AFE12E7D9421}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AB46CF4D-4C63-4ED3-99DA-8571843F3793}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0533DAC-4142-41C9-A336-26BEBA13FD11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{B0622E31-6200-4688-B477-74AD3E139202}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\frontlines - fuel of war\binaries\ffow.exe | 
"{B2B59B75-6CDB-4986-B077-FBA6371AA5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BD12B89C-84D1-4121-B0C0-82FE422F5DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | 
"{C25C80B0-B6C0-4374-A382-C59533CF2255}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3FCF4ED-EB07-4895-858B-A11800D2CBDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA38BF40-F12B-4776-A10B-27AFDE95A0D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{CC7AE3A6-8840-436D-8E40-C3D7B5E6B02C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E217242C-4EBD-4FF9-BD12-4DA3E1BC4976}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F6723E33-DA6D-4D88-86D6-72ACC358F330}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FCBC4918-9727-4AF7-AF34-C39222D20CE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810" = Canon MP810
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2DC11E587B8BA912FF8FD5433B426EE46F8E22DD" = Windows-Treiberpaket - dji-innovations inc. (usbser) Ports  (01/19/2011 5.1.2600.5512)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Aquamarin Haushaltsbuch 2.9.2 b
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{90552EF2-B5C1-4B67-8842-93F5ABA96A5D}" = Jalbum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A2C30EE-6E35-4479-B0E6-B1B47A54E8CD}_is1" = DJI driver version 1.0
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B03B98E3-2795-48F6-BA33-793BBF5DF685}" = SMI Grabber Device
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}" = Steganos Online-Banking 2012
"{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1" = LoiLoScope 2
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{E361CF5C-F450-4A81-B831-F9BA67A1DC15}_is1" = DJI NAZA Assistant version 1.8
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44C57E8-2E0B-418A-AAC1-043EF2065EB7}" = AcroPano Photo Stitcher, Panorama software
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F748FAE2-3D19-44F7-AC03-EB9ADA517752}" = FotoSlate 4
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"CanonMyPrinter" = Canon Utilities My Printer
"FileZilla Client" = FileZilla Client 3.2.7.1
"Frontlines - Fuel of War_is1" = Frontlines - Fuel of War
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Opera 12.12.1707" = Opera 12.12
"Pointofix_is1" = Pointofix
"PunkBusterSvc" = PunkBuster Services
"Steam App 24860" = Battlefield 2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2012 11:40:12 | Computer Name = *** | Source = VSS | ID = 13
Description = 
 
Error - 21.12.2012 11:40:12 | Computer Name = *** | Source = VSS | ID = 12292
Description = 
 
Error - 21.12.2012 11:40:12 | Computer Name = *** | Source = VSS | ID = 8193
Description = 
 
Error - 21.12.2012 11:40:12 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 21.12.2012 11:40:20 | Computer Name = *** | Source = VSS | ID = 13
Description = 
 
Error - 21.12.2012 11:40:20 | Computer Name = *** | Source = VSS | ID = 12292
Description = 
 
Error - 25.12.2012 06:21:18 | Computer Name = *** | Source = VSS | ID = 13
Description = 
 
Error - 25.12.2012 06:21:18 | Computer Name = *** | Source = VSS | ID = 12292
Description = 
 
Error - 25.12.2012 06:21:18 | Computer Name = *** | Source = VSS | ID = 8193
Description = 
 
Error - 25.12.2012 06:21:18 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 06.02.2013 12:04:52 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 12:04:53 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 12:04:58 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 12:05:16 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.02.2013 16:38:39 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 16:38:40 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 16:38:39 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.02.2013 16:38:59 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 17:34:25 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 06.02.2013 17:34:49 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Edited by spruce (06.02.2013 at 23:10)

06.02.2013, 23:12   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before that, please remember to update Malwarebytes via the update button.

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

06.02.2013, 23:28   #29
spruce


Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.06.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

06.02.2013 23:24:15
mbam-log-2013-02-06 (23-24-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237297
Laufzeit: 2 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Good morning cosinus,

ATTENTION! OLDER LOGFILE!!!
1.
SORRY, I worked a bit sloppily.
In post #4 you asked me about any further logfiles with detections, which I answered in the negative. Just now, while going through the old logs from the beginning on 01.02.13, I did find an entry after all; I don't know how I could have overlooked it:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

01.02.2013 12:41:06
mbam-log-2013-02-01 (12-41-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 700833
Laufzeit: 2 Stunde(n), 30 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
F:\DOWNLOADS\video_konverter\SoftonicDownloader_fuer_pocketdivxencoder.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
         
In the following scan, however, this detection was no longer present!

2.
Is it really seriously meant that I should run an online scan with ESET with all hard drives connected, and that without antivirus and without firewall???
Am I not laying my computer and all my data bare and open to attackers from the web that way?
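
Added example, not part of the original posts and not Malwarebytes code: a small parser for the German-language Malwarebytes 1.70 log format pasted in post #29. It checks that a pasted log is complete, lists detections that were left in place, and reports whether a later log states that it covered the same drive. The sample logs are abridged from the thread and the function names are assumptions.

```python
import re

# Constructed samples, abridged from the two Malwarebytes 1.70 logs posted above.
QUICK_LOG = r"""Art des Suchlaufs: Quick-Scan
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)"""
FULL_LOG = r"""Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
F:\DOWNLOADS\video_konverter\SoftonicDownloader_fuer_pocketdivxencoder.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
(Ende)"""

SECTION = re.compile(r"^Infizierte (.+): (\d+)$")      # "Infizierte Dateien: 1"
HIT = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")   # "<object> (<name>) -> <action>."

def parse_mbam(text):
    """Parse a German-language Malwarebytes 1.70 log (hypothetical helper)."""
    rep = {"scan_type": None, "drives": [], "declared": {},
           "hits": [], "complete": False}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Art des Suchlaufs:"):
            rep["scan_type"] = line.split(":", 1)[1].strip()
            # Drive letters appear only if the log lists them: (C:\|E:\|F:\|)
            rep["drives"] = re.findall(r"([A-Z]):\\", rep["scan_type"])
        elif line == "(Ende)":
            rep["complete"] = True
        elif m := SECTION.match(line):
            section = m.group(1)
            rep["declared"][section] = int(m.group(2))
        elif section and (m := HIT.match(line)):
            rep["hits"].append({"section": section, "object": m.group(1),
                                "name": m.group(2), "action": m.group(3)})
    return rep

def is_truncated(rep):
    """True if (Ende) is missing or a section lists fewer/more hits than it declares."""
    found = {}
    for hit in rep["hits"]:
        found[hit["section"]] = found.get(hit["section"], 0) + 1
    mismatch = any(found.get(s, 0) != n for s, n in rep["declared"].items())
    return mismatch or not rep["complete"]

def open_findings(rep):
    """Detections the log records as left in place ('Keine Aktion ...')."""
    return [h for h in rep["hits"] if h["action"].startswith("Keine Aktion")]

def rescanned(finding, later):
    """True/False if the later log lists its drives, None if it names none."""
    if not later["drives"]:
        return None
    return finding["object"][:1].upper() in later["drives"]

if __name__ == "__main__":
    full, quick = parse_mbam(FULL_LOG), parse_mbam(QUICK_LOG)
    for f in open_findings(full):
        print(f["name"], f["object"], "| covered by later log:", rescanned(f, quick))
```

For the thread's two logs, `rescanned` returns `None` against the quick scan: that log names no drives, so by itself it does not show whether the F:\ file reported on 01.02.2013 was looked at again.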

07.02.2013, 10:07   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Quote:
Is it really seriously meant that I should run an online scan with ESET with all hard drives connected, and that without antivirus and without firewall???
Am I not laying my computer and all my data bare and open to attackers from the web that way?
The point about the firewall is primarily about making sure the ESET online scanner is not blocked. Just try it with ESET as is first, without deactivating or closing anything beforehand
__________________
Please always post logfiles in CODE tags
