
Pests of all kinds and how to combat them: SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer crash // Complete system check


21.03.2013, 20:56   #1
isnogud
 

Hello Trojaner-Board users,

since this week my Windows Explorer no longer works properly. It crashes as soon as I merely open the context menu in the folder tree on the left.
No further actions are possible.
Because I wanted to read an .iso, I installed Daemon Tools Lite. I have since uninstalled it again, but the problem with Explorer has remained. I will post everything I have on this. If anything is missing, please tell me how to post it.
Afterwards I would like to do a system check and find out whether everything is still clean.

Notes:
During steps 1 and 2 I left KIS running. During step 3 I did not. After the checks my PC would no longer shut down.
WIN 7 Ultimate x64

Since I have already gained experience on this board, I know how much work the helpers here do, and I would like to say thank you in advance.

PC system:
Code:
Betriebssystem
			Microsoft Windows 7 Ultimate 64-bit SP1
		CPU
			Intel Core i7 930 @ 2.80GHz	45 °C
			Bloomfield 45nm Technologie
		RAM
			6,00 GB Trippel-Kanal DDR3 @ 534MHz (8-8-8-20)
		Motherboard
			ASUSTeK Computer INC. Rampage II Extreme (LGA1366)	29 °C
		Grafik
			H243HX (1920x1080@59Hz)
			1535 MBGeForce GTX 580 (ASUStek Computer Inc)	35 °C
		Festplatten
			119GB OCZ-VERTEX4 ATA Device (SSD)
			932GB SAMSUNG HD105SI ATA Device (SATA)	25 °C
			466GB SAMSUNG HD503HI ATA Device (SATA)	22 °C
			1863GB SAMSUNG HD204UI ATA Device (SATA)	22 °C
		Optische Laufwerke
			TSSTcorp CDDVDW SH-S223C ATA Device
		Audio
			High Definition Audio-Gerät

		Firewall	Aktiviert
			Display Name	Kaspersky Internet Security
		Antivirus
			Antivirus	Aktiviert
			Display Name	Kaspersky Internet Security
			Virus Signature Database	Up to date

		Internet Explorer
			Version	10.0.9200.16521
		PowerShell
			Version	3.0
		Java
				Java Runtime Environment
					Pfad	C:\Program Files (x86)\Java\jre7\bin\java.exe
					Version	7.0
					Aktualisieren	17
					Build	02
         
Explorer problem:
Code:
Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2dfec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000504aa
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0x01ce26497952eecc
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung: b97fcbd6-923c-11e2-afac-e0cb4e977cc1
         
Step 1: defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:21 on 21/03/2013 (OXOMOXO)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         
Step 2: OTL
Code:
OTL logfile created on: 21.03.2013 19:29:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,56% Memory free
11,98 Gb Paging File | 9,78 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 17,06 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 131,69 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 24,15 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,68 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
Drive H: | 7,60 Gb Total Space | 6,89 Gb Free Space | 90,72% Space Free | Partition Type: FAT32
 
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.21 19:12:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt\OTL.exe
PRC - [2013.02.26 19:18:28 | 008,347,272 | ---- | M] (AceBIT GmbH) -- C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.16 21:39:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.31 14:55:12 | 003,491,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.10.08 23:05:09 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.08 22:27:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.05 16:03:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.17 17:26:54 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.16 21:39:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.08.31 14:55:12 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.06.28 19:48:10 | 005,924,712 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.06.28 19:47:40 | 001,133,392 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.15 17:44:36 | 002,155,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2011.10.08 23:05:09 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.11.16 21:41:04 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.16 21:41:04 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.09.30 17:36:25 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.09.30 17:36:25 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.31 14:55:13 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.08.31 14:55:10 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.06.16 20:25:30 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.06.16 20:21:51 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.06.16 20:21:49 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.06.16 20:21:48 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.06.16 20:21:48 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.04.25 22:26:25 | 000,072,480 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.07 17:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.22 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.01.29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.26 10:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.08.26 10:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 10:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 08 42 BD 42 F2 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{06147D0B-3E6D-4F2B-9E14-73283861B7B1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3266822E-E7AC-4C78-8D31-B5C47706CED5}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{35EEE4DB-B189-452C-99FE-714F13F28999}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6AEF6E0A-71D1-4D6F-B13F-3AE1249E62CC}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=&search={searchTerms}
IE - HKCU\..\SearchScopes\{96706323-4C6D-4ECA-B5A5-F54664802C08}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{B49B91C3-ECC9-410B-B47E-E11BDA4787BD}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: flashkiller%40joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.5.48.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.4.0
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.4.3
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1211
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.http: "193.27.209.200"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2013.03.04 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M]
 
[2011.07.21 06:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Extensions
[2013.03.21 16:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions
[2013.02.22 15:29:23 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.03.15 23:07:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.01 23:33:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.01.14 17:58:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2013.02.23 21:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.14 23:42:54 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com
[2012.05.16 19:49:14 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\fb_add_on@avm.de
[2013.03.03 15:25:40 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.03.05 18:36:15 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\anticontainer@downthemall.net.xpi
[2011.07.22 10:56:05 | 000,120,125 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\dtaScheduler@forboden.com.xpi
[2012.07.06 22:04:24 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.02.23 16:26:05 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\firebug@software.joehewitt.com.xpi
[2011.07.22 04:56:50 | 000,028,950 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\flashkiller@joli.clic.xpi
[2013.03.03 15:25:38 | 000,389,938 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013.02.10 14:10:53 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\stealthyextension@gmail.com.xpi
[2013.01.29 17:31:23 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.07 21:57:08 | 000,348,483 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011.07.22 04:56:50 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.02.09 20:50:48 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2012.02.26 14:44:28 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013.03.03 22:14:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.14 23:42:51 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.21 16:19:21 | 000,014,044 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013.02.14 11:45:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 20:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.15 15:54:58 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.03.02 15:27:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.12.11 18:26:03 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2011.07.22 10:58:38 | 000,001,632 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\firefox-add-ons.xml
[2012.08.31 16:16:02 | 000,002,492 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\ixquick-https.xml
[2011.07.22 10:58:26 | 000,004,140 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\youtube.xml
[2013.03.08 22:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 22:27:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.04 00:17:30 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES (X86)\ACEBIT\PASSWORD DEPOT 6\FIREFOX
[2012.12.20 21:03:42 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.01.10 20:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 20:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.10 20:08:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.10 20:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 20:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.10 20:08:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - Startup: C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4D7B0E-AD50-43C6-9EDB-1996E49EC5B7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D70B23B1-6204-418A-8226-B226FD078D91}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{4daec8cf-db36-11e0-8035-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4daec8cf-db36-11e0-8035-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{c5424ebd-c287-11e1-930e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5424ebd-c287-11e1-930e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
[2013.03.16 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.11 22:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.08 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 23:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.07 23:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.07 23:15:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.07 23:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.07 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\REINER SCT
[2013.03.07 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REINER SCT
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.21 19:21:16 | 000,000,000 | ---- | M] () -- C:\Users\OXOMOXO\defogger_reenable
[2013.03.21 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.21 16:35:35 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.21 16:35:35 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.21 16:35:35 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.21 16:35:35 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.21 16:35:35 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.21 16:34:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 16:34:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 16:27:04 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.21 16:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 19:40:38 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 19:40:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.07 23:24:13 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.07 23:15:13 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.07 19:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2013.03.04 00:17:31 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk
[2013.03.03 14:54:56 | 000,001,061 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.21 19:21:16 | 000,000,000 | ---- | C] () -- C:\Users\OXOMOXO\defogger_reenable
[2013.03.21 16:26:55 | 000,416,312 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 19:40:38 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 19:40:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.07 23:15:13 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.07 23:15:13 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.07 19:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.06.19 17:45:09 | 000,004,096 | -H-- | C] () -- C:\Users\OXOMOXO\AppData\Local\keyfile3.drm
[2012.02.23 23:53:04 | 000,003,584 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.18 02:23:17 | 000,007,641 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\Resmon.ResmonCfg
[2011.10.08 23:05:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.08 23:05:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.27 13:29:02 | 000,017,408 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\WebpageIcons.db
[2011.07.21 03:55:21 | 001,598,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.25 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\0D0DF0F8-33DA-4F9A-8791-81826EF95299
[2012.08.31 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\180CBDF2-BDFE-4255-B540-A0F91E7E97D7
[2012.08.31 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\3545EE28-CA30-4ECE-BEA7-F23E1F4175B6
[2012.06.16 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\96A33D06-B081-4822-B1D5-0C631334C615
[2011.07.25 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\AceBIT
[2012.04.25 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Acronis
[2012.09.26 22:57:28 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\aignes
[2012.08.31 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\BB8443C7-C4A5-4787-ABD1-B0C794216D2D
[2013.03.18 17:24:22 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
[2013.03.21 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Dropbox
[2012.11.29 01:56:50 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoft
[2012.04.07 14:11:27 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.30 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\FireShot
[2012.02.17 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\FreePDF
[2011.07.21 05:12:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Leadertech
[2012.11.11 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\onOne Software
[2012.05.06 13:19:16 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\PreSonus
[2013.01.14 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\qualys
[2012.12.28 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\six-updater
[2012.12.28 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\six-zsync
[2011.07.21 07:06:19 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Sony
[2013.02.17 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\TS3Client
[2011.08.20 01:00:59 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\ts3overlay
[2012.12.24 17:33:07 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\TuneUp Software
[2012.11.01 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
Step 2 Extras
Code:
OTL Extras logfile created on: 21.03.2013 19:29:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,56% Memory free
11,98 Gb Paging File | 9,78 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 17,06 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 131,69 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 24,15 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,68 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
Drive H: | 7,60 Gb Total Space | 6,89 Gb Free Space | 90,72% Space Free | Partition Type: FAT32
 
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1C1AA-46B6-4A6A-A57B-773ABB67B316}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0B35B5A4-04C9-4F53-BAE0-80F94BDA32DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1089ACE5-0CCD-4D11-8F23-4644EEB90C59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1D450791-D779-4B5C-95B7-5088A16A2DEC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B7AD6D9-8652-4A49-B018-509CC3FCD9B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34A65425-95F4-456F-A0A7-C87C8FBA5073}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B5E083F-CFDD-43DD-BBAD-E58DA707661D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BB8A7B9-CF0B-4371-BC4E-A4715C9CDBC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E5631B1-99C2-4BDC-AD2E-C37B1ECDA0EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{576ECA21-1C46-4B74-9116-80E21302E766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6037C601-55B2-4AD7-8C92-9B0F0A894CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{603CAD2D-429F-48BD-972F-1427FE3BECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68F918A2-F7F4-4741-B0E4-E9ED7A997011}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87198B0D-E93E-4E80-9499-415A95ABEFA2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F5BAC88-D2C2-4C28-8DCF-6624F56C12A4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{99111059-5DAD-483B-B5CC-0B5DA5EC3AA3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE0A8CBB-3BC7-4A5C-9317-740151C2675F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1563398-039F-4A23-BF87-E0B177F26DA1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CD05E012-345A-4BE8-BE12-5CFC1A514F17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CE64A1AB-6E74-4368-A3D1-371E0BC8249F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D7062837-CB90-40C3-BF61-09DB7C665F13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E73EE358-F6C8-4C23-98D7-75F05B954C59}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC97A9-1044-49D6-A8B8-4AD5CA24548B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe | 
"{034EA0EA-15EC-4713-A7BE-6C56F5F19624}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe | 
"{03824658-E6E2-4F3C-B88E-902F32CD7C42}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe | 
"{065276C8-0B29-4943-8CB0-9CF77252DA4A}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe | 
"{074D4541-AAA1-46DC-89AE-D14B0636323F}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{08B29CBC-2EA3-4CDD-B0CD-1C2EB1B5F6DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A8E9838-8429-46FE-8CAC-A2F0E892E18C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0E1CB3BE-3C2D-43B5-8BAC-BEBF14BB994D}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe | 
"{0E96AD09-83A9-48EF-8A97-9087BF8B7877}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe | 
"{114EDCEE-9B6A-44DC-9F32-8B3A1E6FD820}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe | 
"{13EDB007-FEF7-4A32-8721-8ED09F72BF2C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{1589933C-91E3-46F7-A405-DB97CEC695BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe | 
"{196B796F-1855-4D67-AFBC-1718487CF7A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{19F103EA-469D-41BB-A840-25C00327DAF7}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{1C336387-FD25-4C99-AF75-D9D00D20C212}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{1D0D58FE-8761-42B7-AF86-97D32002356B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{1D4A32D1-8E88-435F-854F-D7065144712B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{204FA3F0-2C5B-4AB6-8EA9-64CF95936255}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{2458B340-DF35-4331-B311-ACA81B79CBD6}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{24E1908C-3BC4-4352-AE78-A3F45EF5604C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe | 
"{29A5FDAB-E5BC-43EA-87A6-0553AB99928B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{29A73764-3868-4BAF-9323-24C4095D1265}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe | 
"{2C9F2368-E4E1-48D8-B681-D8C4DB5B3441}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{2EAE3536-12C1-4A89-B538-1FFDD514460D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe | 
"{34378499-5CEA-43E9-9F40-606224B0E0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{34901DEE-A30A-480A-8DAD-F3B09492F62A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{35AFC599-C634-4421-A07F-4FBE4A800186}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38EB59C9-F2B5-4DCD-A006-FA584382D73F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3ABB0BF7-AFFB-41AA-A673-313B3D348D22}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe | 
"{3CB0939E-632A-44AD-857E-5BAA9E7DB73F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{3E483AB0-C0A9-4216-851C-1989F8AA8DD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{41074FE4-A061-4ED9-8BB0-FCBF3DDC02AB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{42EBE8E2-DD81-4A05-A17E-97BA119788F3}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{450D6BC3-A6D2-45D7-85E5-3B1BDF7F765F}" = protocol=6 | dir=out | app=system | 
"{4731A120-FF47-4E01-8BC4-6063788FFE4C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe | 
"{4799BCAD-3746-47EA-BD7E-428AD71AF188}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{4D2B2A59-43D9-46E6-A9AC-149009BDE9F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe | 
"{4F84E32B-BD66-489A-8B39-B5D04F7E7771}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe | 
"{51C255D0-C33E-4323-864B-C6A6D9B89581}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{52823517-651C-456A-9164-D84048B69631}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe | 
"{54D5AC0A-D788-4759-8D36-62799DD0F67D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57463554-8171-42E1-A198-5E8C285AFA15}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{57BD2394-52C6-459E-B3CE-2BED1EA18A7E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{58683A6E-F45B-462F-B8DF-A63DB020BD2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5A603016-DD13-464B-B423-EA44763351C1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat | 
"{5CC6B97A-E0FA-428E-BD5E-7C56EDF110D9}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe | 
"{60F8EFA2-59E9-40DD-BC28-9E433FBC2F4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67E7AB61-7257-443D-AC64-8E15B88A0ABA}" = protocol=6 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B53DDB6-8DDC-455B-A270-E9AF610E32A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AD076F7-2189-4680-A788-37B5832183A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7EC169F4-29AB-4504-A0CC-3133583A1EC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80CFFBB7-911D-4A9F-86FB-BDBB9586A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{84A916FD-511C-4E9E-B665-5B4BDCC0F4F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe | 
"{85247B4F-F44C-4CFD-BB0D-54D25B62DF18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86A3EA29-C803-428C-BE37-6BFE1A1A9280}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{8A19CC0D-20B7-47F3-8386-103530C13402}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe | 
"{8BFED094-135D-47BA-A95E-C8D4CBA3FDEA}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe | 
"{8E16E3A7-6091-4ACE-A43F-97C988CE5D24}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{9230FE4E-EB73-43F3-8830-79D109EC8151}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe | 
"{92766F9D-07D8-4E4D-BDD7-98FCA29981F8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe | 
"{937751A1-B3E3-4F5F-BCFD-02555D97B3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AA8775A-B12D-41BE-858D-0B73480453CE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe | 
"{9BA55D57-F796-4328-87B9-5A14EB7BFEF1}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe | 
"{9C12345E-7506-4FCD-B388-DB06A6A78826}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe | 
"{9DDA1620-300E-43FE-8A8D-9ED4E1F88675}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe | 
"{9EFBF356-6798-430F-90BF-1362F483C089}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe | 
"{9F5795BA-9B2B-4636-8A94-658C08F79BEB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe | 
"{A019B2A6-B6B9-4C2A-A4F7-E92A91BF3105}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A73AEB97-7971-403D-B953-90D6D6D81FC2}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe | 
"{B0691EC9-7F09-4294-873E-B8EC7AC08CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{B25A74D3-058E-42EB-940B-813FEED79BDE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe | 
"{B3C09AE2-9498-4217-9695-4F172BE504E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe | 
"{B3E08893-0775-49FB-AEB0-262DD76E712A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B644451C-6D78-4402-9DEF-113ACBAF8597}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{B760BE85-4423-46A1-85FC-1313508AB57F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{B8219290-2744-4635-813A-98CAC2DBEC13}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe | 
"{B8420332-0693-4C35-B7FA-892E5CA089DA}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe | 
"{B9B1B8BA-2D95-4368-889A-933B9582C51C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe | 
"{BDA2268A-A376-480B-9F3B-6A93EB4E76BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BDB4308B-8BA3-4E08-B054-98D76BEF6FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{C009661E-1C8D-4051-B31E-CBF8A11A79AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{C1C4A689-2E4E-4C17-B27D-AB6553173865}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C36AF29B-70F4-4452-A8E8-AF409BA43799}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{C3700B4E-A6C1-467D-9BF6-4290CC285295}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat | 
"{C6AF522A-5431-4ACC-A79C-3E5340635994}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{C9C26E99-F066-4719-965B-69533C77F328}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{CA7CDCD9-DDCB-4BBD-925A-2F7D122BFEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{CAAFB741-B900-4BEF-9A3C-1DD7F7D79E4D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe | 
"{CB9BC41E-97B3-4EE4-92CA-9ABED9F04457}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe | 
"{CB9D580C-7743-4EC6-A787-9C1C1F568B66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CC2A9358-6F22-4010-9A89-72EB98243142}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe | 
"{CD12063E-3A8D-4922-A73F-FC2ED4250A8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CE2520BC-C012-426D-AC91-626EE16B7E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D530C5C4-AF60-4291-9930-C8BB5A3DF1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6C24D9F-08CB-4896-B086-999BA011CB28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6D32F6E-7F14-4627-88CE-6251325CF5E8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{DD351889-6709-469F-9475-888762BCD803}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe | 
"{DDC8B000-68AD-4961-B310-04F469C5FE22}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{E014BCCE-4E00-4298-8175-A36201445553}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe | 
"{E61EE88F-B237-4AD1-A6DA-DF1D73AFDAEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EDFDA0DE-B54F-4A09-B724-E3E1F1A2B170}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{EFF71173-3810-46F0-89E3-1F2EB9BDCC9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F04E3C45-E53F-4CEC-BF2F-DB8ADF3FA4DC}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe | 
"{F59ABE4E-84BE-4240-B586-CA1FB95EF765}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{FAF2ED6D-8037-40C4-BDD2-430312E54A8E}" = protocol=17 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FB2F82B8-DA2E-44F3-96F8-340ECB97C5E0}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe | 
"{FB3A49CB-D3DC-4DAE-AB27-7CCA5038C185}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FBE69E48-0B7C-492E-B11A-72FC1B89CA0F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe | 
"TCP Query User{5088C0B5-6189-41F2-9F74-0EBF6F1233E7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{E21B7AA9-140A-44BD-A5F1-F74A6136AC08}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.30
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-65fdd504-e7d5-463d-b80d-d2087eb2a27b" = My Game Long Name
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFAA49C-2B1D-4808-B43A-4AAFF0475B04}" = Plus Pack für Acronis True Image Home 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"A2ACR Data cache removal" = ARMA 2 Army of The Czech Republic - Data cache removal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"Anti-Twin 2011-07-23 03.08.03" = Anti-Twin (Installation 23.07.2011)
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Endless City" = NVIDIA Endless City demo
"ESN Sonar-0.70.0" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"Free Studio_is1" = Free Studio version 5.7.7.1031
"FreePDF_XP" = FreePDF (Remove only)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"ITN Converter_is1" = ITN Converter 1.78
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neolog_is1" = Neolog 1.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"PreSonus Studio One 2" = PreSonus Studio One 2
"PS3 Media Server" = PS3 Media Server
"Steam App 100410" = CameraBag 2
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 107900" = War Inc. Battlezone
"Steam App 113420" = Fallen Earth
"Steam App 12900" = Audiosurf
"Steam App 13140" = America's Army 3
"Steam App 13520" = Far Cry
"Steam App 17410" = Mirror's Edge
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 203850" = Microsoft Flight
"Steam App 205230" = Hell Yeah!
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 214850" = GameMaker: Studio
"Steam App 218230" = PlanetSide 2
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 221080" = District 187
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38830" = CrimeCraft GangWars
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Winamp" = Winamp
"XnView_is1" = XnView 1.99.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 05.10.2012 09:06:40 | Computer Name = OXOMOXO-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 05.10.2012 10:02:47 | Computer Name = OXOMOXO-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17e8    Startzeit: 01cda2ec7cffb0ca    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE    Berichts-ID: 45d058fa-0ef5-11e2-b2d6-e0cb4e977cc1

 
Error - 05.10.2012 11:16:28 | Computer Name = OXOMOXO-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2a44    Startzeit: 01cda3021950b90c    Endzeit: 10    Anwendungspfad:
 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE    Berichts-ID: 95704d03-0eff-11e2-b2d6-e0cb4e977cc1

 
[ Media Center Events ]
Error - 22.07.2011 18:23:40 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 00:23:39 - Fehler beim Herstellen der Internetverbindung.  00:23:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 18:25:48 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 00:23:50 - Fehler beim Herstellen der Internetverbindung.  00:23:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 19:25:51 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 01:25:51 - Fehler beim Herstellen der Internetverbindung.  01:25:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 19:26:00 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 01:25:56 - Fehler beim Herstellen der Internetverbindung.  01:25:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 20:26:02 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 02:26:02 - Fehler beim Herstellen der Internetverbindung.  02:26:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 20:26:08 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 02:26:07 - Fehler beim Herstellen der Internetverbindung.  02:26:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 21:26:20 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 03:26:20 - Fehler beim Herstellen der Internetverbindung.  03:26:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 21:26:29 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 03:26:25 - Fehler beim Herstellen der Internetverbindung.  03:26:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 19.03.2013 08:10:39 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 19.03.2013 08:13:59 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 19.03.2013 16:30:21 | Computer Name = OXOMOXO-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.03.2013 08:57:47 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 20.03.2013 19:33:59 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.03.2013 11:03:13 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.03.2013 11:15:57 | Computer Name = OXOMOXO-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.03.2013 11:17:12 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.03.2013 11:27:03 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 21.03.2013 11:27:25 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
Step 3 Gmer
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-21 20:00:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 OCZ-VERTEX4 rev.1.3 119,24GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\OXOMOXO\AppData\Local\Temp\uxliyfoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                           fffff96000103c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                       fffff96000103c08 3 bytes [C0, 06, 02]
.text  ...                                                                                                                                       * 110
.text  C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432                                                                                 fffff960001bb878 8 bytes [00, 98, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!BRUSHOBJ_hGetColorTransform + 468                                                                          fffff960001bba88 8 bytes [D0, 98, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngReleaseFastMutex + 8                                                                                    fffff960001bc538 8 bytes [D8, A7, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetLastError + 792                                                                                      fffff960001bc8d8 8 bytes [BC, 9E, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngQueryPerformanceFrequency + 8                                                                           fffff960001bce08 8 bytes [B0, 99, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngFreeSectionMem + 76                                                                                     fffff960001bcf28 8 bytes [E4, B0, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398                                                                                  fffff960001c291a 6 bytes {JMP QWORD [RIP-0x17aa38]}
.text  C:\Windows\System32\win32k.sys!EngCreateBitmap + 44                                                                                       fffff960001c4448 8 bytes [E0, 9B, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCTGetCurrentGamma + 40                                                                                  fffff960001c8d98 8 bytes [60, 9A, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCreateRectRgn + 48                                                                                      fffff960001ccfc8 8 bytes [F8, 9F, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304                                                                                 fffff960001cd8c8 8 bytes [1C, A1, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCreateDriverObj + 164                                                                                   fffff960001e7878 8 bytes [E4, AB, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngUnlockDriverObj + 44                                                                                    fffff960001e78d8 8 bytes [78, 9F, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16                                                                                 fffff960001fe118 8 bytes {CALL QWORD [RAX+0x36aaa6c]}
.text  C:\Windows\System32\win32k.sys!EngUnmapFile + 944                                                                                         fffff960001fe7e8 8 bytes [D4, A3, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetPrinterDataFileName + 8                                                                              fffff960001fe7f8 8 bytes [E0, A2, 6A, 03, 80, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                00000000766b1465 2 bytes [6B, 76]
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155               00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey         00000000773afa88 5 bytes JMP 0000000172a2139e
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  00000000773b0018 5 bytes JMP 0000000172a21a54
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                   0000000072671a22 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                   0000000072671ad0 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                   0000000072671b08 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                   0000000072671bba 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                   0000000072671bda 2 bytes [67, 72]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69              00000000766b1465 2 bytes [6B, 76]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155             00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe[3176] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                    00000000766b1465 2 bytes [6B, 76]
.text  C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe[3176] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                   00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000766b1465 2 bytes [6B, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158341bdb3                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                       0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                       0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0xC9 0x70 0xB6 0x66 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                           0x29 0x83 0xEB 0x1B ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0x22 0x3D 0x7C 0xF1 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158341bdb3 (not active ControlSet)                                           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                      
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                           C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                           0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                           0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0xC9 0x70 0xB6 0x66 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                               0x29 0x83 0xEB 0x1B ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                        
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0x22 0x3D 0x7C 0xF1 ...

---- EOF - GMER 2.1 ----
         

Alt 22.03.2013, 18:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

Quote:
Since I wanted to read an .iso, I installed DAEMON Tools Lite.
What kind of ISO? You don't need a CD/DVD emulator to get at the contents of an ISO file; you can also extract the contents of an ISO with 7zip or WinRAR.

Quote:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have an Ultimate edition of Windows? Do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?

Alt 22.03.2013, 19:21   #3
isnogud
 
Hello Cosinus,

it was a BD ISO with HD audio.
I have WIN7 Ultimate because I wanted it.
I hardly think a company PC would have a setup like this.
But why the questions?

What happens next?
__________________

Edited by isnogud (22.03.2013 at 19:41)

Alt 22.03.2013, 22:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The Ultimate edition is more expensive and rather unnecessary/overkill for home use, and if commercial use is involved we have to post special notices here.


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • The logs of the tools you were asked to run, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags

Alt 23.03.2013, 18:39   #5
isnogud
 
Hello Cosinus,

the Ultimate was quite cheap as a pre-order years ago. I have not reinstalled the system since then, which I also want to avoid. The computer belongs to me and is not used commercially.
I wanted to run the scans in the order you listed.
That worked, except for aswMBR.exe.
I proceeded as described in the guide. Tried several times, also with a restart.
But the program crashes during the scan. I also have no chance to save the log.
KIS was deactivated during the scan.

**EDIT**
I then tried the aswMBR scan again and it ran through. The log is posted under Step 5.

Step 4 MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
OXOMOXO :: OXOMOXO-PC [administrator]

23.03.2013 17:10:16
mbar-log-2013-03-23 (17-10-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27563
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Step 5 aswMBR
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 18:44:11
-----------------------------
18:44:11.128    OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:11.128    Number of processors: 8 586 0x1A05
18:44:11.128    ComputerName: OXOMOXO-PC  UserName: OXOMOXO
18:44:11.394    Initialize success
18:44:18.476    AVAST engine defs: 13032301
18:44:27.976    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:44:27.976    Disk 0 Vendor: OCZ-VERTEX4 1.3 Size: 122104MB BusType: 3
18:44:27.976    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
18:44:27.976    Disk 1 Vendor: SAMSUNG_HD105SI 1AJ10001 Size: 953869MB BusType: 3
18:44:27.976    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
18:44:27.976    Disk 2 Vendor: SAMSUNG_HD503HI 1AJ10001 Size: 476940MB BusType: 3
18:44:27.976    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T1L0-7
18:44:27.976    Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
18:44:28.054    Disk 0 MBR read successfully
18:44:28.054    Disk 0 MBR scan
18:44:28.054    Disk 0 Windows 7 default MBR code
18:44:28.070    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           31 MB offset 63
18:44:28.070    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122072 MB offset 64260
18:44:28.132    Disk 0 scanning C:\Windows\system32\drivers
18:44:36.307    Service scanning
18:44:45.542    Modules scanning
18:44:45.542    Disk 0 trace - called modules:
18:44:45.542    ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
18:44:45.542    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d97790]
18:44:45.558    3 CLASSPNP.SYS[fffff880021c843f] -> nt!IofCallDriver -> [0xfffffa8005cc5a60]
18:44:45.558    5 vsflt67.sys[fffff88000ebc7cd] -> nt!IofCallDriver -> [0xfffffa8005b53580]
18:44:45.558    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005c05060]
18:44:45.823    AVAST engine scan C:\Windows
18:44:49.614    AVAST engine scan C:\Windows\system32
18:46:58.361    AVAST engine scan C:\Windows\system32\drivers
18:47:08.314    AVAST engine scan C:\Users\OXOMOXO
18:48:22.757    AVAST engine scan C:\ProgramData
18:48:37.749    Scan finished successfully
18:48:53.614    Disk 0 MBR has been saved successfully to "D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\5.Schritt\MBR.dat"
18:48:53.614    The log file has been saved successfully to "D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\5.Schritt\aswMBR.txt"
         
Step 6 TDSSkiller
Code:
18:00:54.0182 3552  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:00:54.0260 3552  ============================================================
18:00:54.0260 3552  Current date / time: 2013/03/23 18:00:54.0260
18:00:54.0260 3552  SystemInfo:
18:00:54.0260 3552  
18:00:54.0260 3552  OS Version: 6.1.7601 ServicePack: 1.0
18:00:54.0260 3552  Product type: Workstation
18:00:54.0260 3552  ComputerName: OXOMOXO-PC
18:00:54.0260 3552  UserName: OXOMOXO
18:00:54.0260 3552  Windows directory: C:\Windows
18:00:54.0260 3552  System windows directory: C:\Windows
18:00:54.0260 3552  Running under WOW64
18:00:54.0260 3552  Processor architecture: Intel x64
18:00:54.0260 3552  Number of processors: 8
18:00:54.0260 3552  Page size: 0x1000
18:00:54.0260 3552  Boot type: Normal boot
18:00:54.0260 3552  ============================================================
18:00:54.0603 3552  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0619 3552  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0634 3552  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0650 3552  Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:54.0650 3552  ============================================================
18:00:54.0650 3552  \Device\Harddisk0\DR0:
18:00:54.0650 3552  MBR partitions:
18:00:54.0650 3552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFAC5
18:00:54.0650 3552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xEE6C04A
18:00:54.0650 3552  \Device\Harddisk1\DR1:
18:00:54.0650 3552  MBR partitions:
18:00:54.0650 3552  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:00:54.0650 3552  \Device\Harddisk2\DR2:
18:00:54.0650 3552  MBR partitions:
18:00:54.0650 3552  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
18:00:54.0650 3552  \Device\Harddisk3\DR3:
18:00:54.0650 3552  MBR partitions:
18:00:54.0650 3552  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:00:54.0650 3552  ============================================================
18:00:54.0650 3552  C: <-> \Device\Harddisk0\DR0\Partition2
18:00:54.0666 3552  F: <-> \Device\Harddisk3\DR3\Partition1
18:00:54.0697 3552  D: <-> \Device\Harddisk2\DR2\Partition1
18:00:54.0712 3552  E: <-> \Device\Harddisk1\DR1\Partition1
18:00:54.0712 3552  ============================================================
18:00:54.0712 3552  Initialize success
18:00:54.0712 3552  ============================================================
18:01:00.0360 2176  ============================================================
18:01:00.0360 2176  Scan started
18:01:00.0360 2176  Mode: Manual; SigCheck; TDLFS; 
18:01:00.0360 2176  ============================================================
18:01:00.0469 2176  ================ Scan system memory ========================
18:01:00.0469 2176  System memory - ok
18:01:00.0469 2176  ================ Scan services =============================
18:01:00.0516 2176  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:01:00.0562 2176  1394ohci - ok
18:01:00.0562 2176  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:01:00.0578 2176  ACPI - ok
18:01:00.0578 2176  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:01:00.0594 2176  AcpiPmi - ok
18:01:00.0609 2176  [ 0C9A37D1456F44D7A1F9AE888E62C180 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
18:01:00.0640 2176  AcrSch2Svc - ok
18:01:00.0640 2176  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:01:00.0656 2176  AdobeARMservice - ok
18:01:00.0687 2176  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:01:00.0687 2176  AdobeFlashPlayerUpdateSvc - ok
18:01:00.0703 2176  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:01:00.0718 2176  adp94xx - ok
18:01:00.0718 2176  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:01:00.0734 2176  adpahci - ok
18:01:00.0750 2176  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:01:00.0750 2176  adpu320 - ok
18:01:00.0750 2176  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:01:00.0781 2176  AeLookupSvc - ok
18:01:00.0796 2176  [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
18:01:00.0796 2176  afcdp - ok
18:01:00.0843 2176  [ 50BD54F16710AE4AEF88D57E63ECFEF8 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
18:01:00.0906 2176  afcdpsrv - ok
18:01:00.0921 2176  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:01:00.0937 2176  AFD - ok
18:01:00.0937 2176  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:01:00.0952 2176  agp440 - ok
18:01:00.0952 2176  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:01:00.0968 2176  ALG - ok
18:01:00.0968 2176  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:01:00.0984 2176  aliide - ok
18:01:00.0984 2176  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:01:00.0984 2176  amdide - ok
18:01:00.0999 2176  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:01:00.0999 2176  AmdK8 - ok
18:01:01.0015 2176  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:01:01.0015 2176  AmdPPM - ok
18:01:01.0030 2176  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:01:01.0030 2176  amdsata - ok
18:01:01.0030 2176  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:01:01.0046 2176  amdsbs - ok
18:01:01.0046 2176  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:01:01.0062 2176  amdxata - ok
18:01:01.0062 2176  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:01:01.0093 2176  AppID - ok
18:01:01.0093 2176  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:01:01.0124 2176  AppIDSvc - ok
18:01:01.0124 2176  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:01:01.0155 2176  Appinfo - ok
18:01:01.0155 2176  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:01:01.0171 2176  AppMgmt - ok
18:01:01.0171 2176  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:01:01.0186 2176  arc - ok
18:01:01.0186 2176  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:01:01.0202 2176  arcsas - ok
18:01:01.0218 2176  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:01:01.0218 2176  aspnet_state - ok
18:01:01.0218 2176  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:01.0249 2176  AsyncMac - ok
18:01:01.0249 2176  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:01:01.0264 2176  atapi - ok
18:01:01.0280 2176  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:01:01.0311 2176  AudioEndpointBuilder - ok
18:01:01.0311 2176  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:01:01.0342 2176  AudioSrv - ok
18:01:01.0358 2176  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
18:01:01.0374 2176  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:01:01.0374 2176  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:01:01.0374 2176  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
18:01:01.0389 2176  avmeject - ok
18:01:01.0389 2176  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
18:01:01.0405 2176  AVP - ok
18:01:01.0405 2176  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:01:01.0436 2176  AxInstSV - ok
18:01:01.0436 2176  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:01:01.0467 2176  b06bdrv - ok
18:01:01.0467 2176  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:01:01.0483 2176  b57nd60a - ok
18:01:01.0483 2176  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:01:01.0498 2176  BDESVC - ok
18:01:01.0498 2176  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:01:01.0530 2176  Beep - ok
18:01:01.0530 2176  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
18:01:01.0530 2176  BEService ( UnsignedFile.Multi.Generic ) - warning
18:01:01.0530 2176  BEService - detected UnsignedFile.Multi.Generic (1)
18:01:01.0545 2176  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:01:01.0576 2176  BFE - ok
18:01:01.0592 2176  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:01:01.0623 2176  BITS - ok
18:01:01.0623 2176  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:01:01.0639 2176  blbdrive - ok
18:01:01.0639 2176  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:01:01.0654 2176  bowser - ok
18:01:01.0654 2176  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:01:01.0670 2176  BrFiltLo - ok
18:01:01.0670 2176  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:01:01.0686 2176  BrFiltUp - ok
18:01:01.0686 2176  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:01:01.0701 2176  Browser - ok
18:01:01.0701 2176  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:01:01.0732 2176  Brserid - ok
18:01:01.0732 2176  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:01:01.0748 2176  BrSerWdm - ok
18:01:01.0748 2176  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:01:01.0748 2176  BrUsbMdm - ok
18:01:01.0764 2176  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:01:01.0764 2176  BrUsbSer - ok
18:01:01.0764 2176  BT - ok
18:01:01.0779 2176  Btcsrusb - ok
18:01:01.0779 2176  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:01:01.0795 2176  BthEnum - ok
18:01:01.0795 2176  [ 81229822FACAA324718B3B3C973688ED ] BtHidBus        C:\Windows\system32\Drivers\BtHidBus.sys
18:01:01.0795 2176  BtHidBus - ok
18:01:01.0795 2176  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:01:01.0810 2176  BTHMODEM - ok
18:01:01.0810 2176  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:01:01.0826 2176  BthPan - ok
18:01:01.0842 2176  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:01:01.0857 2176  BTHPORT - ok
18:01:01.0857 2176  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:01:01.0888 2176  bthserv - ok
18:01:01.0888 2176  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:01:01.0904 2176  BTHUSB - ok
18:01:01.0904 2176  [ 2531372CC2AD7C7204A7520DC7C2D0DA ] btnetBUs        C:\Windows\system32\Drivers\btnetBus.sys
18:01:01.0920 2176  btnetBUs - ok
18:01:01.0920 2176  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:01:01.0951 2176  cdfs - ok
18:01:01.0951 2176  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:01:01.0966 2176  cdrom - ok
18:01:01.0966 2176  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:01:01.0982 2176  CertPropSvc - ok
18:01:01.0998 2176  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:01:01.0998 2176  circlass - ok
18:01:02.0013 2176  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:01:02.0029 2176  CLFS - ok
18:01:02.0029 2176  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:02.0044 2176  clr_optimization_v2.0.50727_32 - ok
18:01:02.0044 2176  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:01:02.0060 2176  clr_optimization_v2.0.50727_64 - ok
18:01:02.0060 2176  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:02.0076 2176  clr_optimization_v4.0.30319_32 - ok
18:01:02.0076 2176  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:01:02.0091 2176  clr_optimization_v4.0.30319_64 - ok
18:01:02.0091 2176  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:02.0107 2176  CmBatt - ok
18:01:02.0107 2176  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:01:02.0107 2176  cmdide - ok
18:01:02.0122 2176  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
18:01:02.0138 2176  CNG - ok
18:01:02.0138 2176  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:01:02.0154 2176  Compbatt - ok
18:01:02.0154 2176  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:01:02.0169 2176  CompositeBus - ok
18:01:02.0169 2176  COMSysApp - ok
18:01:02.0169 2176  cpuz136 - ok
18:01:02.0169 2176  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:01:02.0185 2176  crcdisk - ok
18:01:02.0185 2176  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:01:02.0232 2176  CryptSvc - ok
18:01:02.0247 2176  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:01:02.0263 2176  CSC - ok
18:01:02.0278 2176  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:01:02.0310 2176  CscService - ok
18:01:02.0310 2176  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:01:02.0356 2176  DcomLaunch - ok
18:01:02.0356 2176  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:01:02.0388 2176  defragsvc - ok
18:01:02.0388 2176  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:01:02.0419 2176  DfsC - ok
18:01:02.0419 2176  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:01:02.0434 2176  Dhcp - ok
18:01:02.0434 2176  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:01:02.0466 2176  discache - ok
18:01:02.0466 2176  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:01:02.0481 2176  Disk - ok
18:01:02.0481 2176  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:01:02.0497 2176  Dnscache - ok
18:01:02.0512 2176  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:01:02.0544 2176  dot3svc - ok
18:01:02.0544 2176  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:01:02.0575 2176  DPS - ok
18:01:02.0575 2176  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:01:02.0590 2176  drmkaud - ok
18:01:02.0590 2176  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:01:02.0622 2176  DXGKrnl - ok
18:01:02.0622 2176  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:01:02.0653 2176  EapHost - ok
18:01:02.0715 2176  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:01:02.0762 2176  ebdrv - ok
18:01:02.0762 2176  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:01:02.0778 2176  EFS - ok
18:01:02.0793 2176  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:01:02.0809 2176  ehRecvr - ok
18:01:02.0809 2176  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:01:02.0824 2176  ehSched - ok
18:01:02.0840 2176  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:01:02.0856 2176  elxstor - ok
18:01:02.0856 2176  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:01:02.0871 2176  ErrDev - ok
18:01:02.0871 2176  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:01:02.0902 2176  EventSystem - ok
18:01:02.0918 2176  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:01:02.0934 2176  exfat - ok
18:01:02.0949 2176  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:01:02.0965 2176  fastfat - ok
18:01:02.0980 2176  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:01:02.0996 2176  Fax - ok
18:01:03.0012 2176  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:01:03.0012 2176  fdc - ok
18:01:03.0012 2176  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:01:03.0043 2176  fdPHost - ok
18:01:03.0043 2176  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:01:03.0074 2176  FDResPub - ok
18:01:03.0074 2176  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:01:03.0090 2176  FileInfo - ok
18:01:03.0090 2176  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:01:03.0121 2176  Filetrace - ok
18:01:03.0121 2176  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:03.0121 2176  flpydisk - ok
18:01:03.0136 2176  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:01:03.0152 2176  FltMgr - ok
18:01:03.0152 2176  [ D4463A74E1BFBF3FB9B4FC6CF5390152 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
18:01:03.0168 2176  fltsrv - ok
18:01:03.0168 2176  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:01:03.0199 2176  FontCache - ok
18:01:03.0199 2176  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:01:03.0214 2176  FontCache3.0.0.0 - ok
18:01:03.0214 2176  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:01:03.0230 2176  FsDepends - ok
18:01:03.0230 2176  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:01:03.0230 2176  Fs_Rec - ok
18:01:03.0246 2176  [ 290EBA98AD0CE0D1B880B5D71194B069 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
18:01:03.0246 2176  Futuremark SystemInfo Service - ok
18:01:03.0261 2176  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:01:03.0277 2176  fvevol - ok
18:01:03.0277 2176  [ 15585492E45E2F30768B2D5B57929D99 ] fwlanusbn       C:\Windows\system32\DRIVERS\fwlanusbn.sys
18:01:03.0292 2176  fwlanusbn - ok
18:01:03.0308 2176  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:01:03.0308 2176  gagp30kx - ok
18:01:03.0308 2176  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:01:03.0324 2176  GEARAspiWDM - ok
18:01:03.0324 2176  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:01:03.0370 2176  gpsvc - ok
18:01:03.0370 2176  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:01:03.0386 2176  hcw85cir - ok
18:01:03.0386 2176  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:01:03.0402 2176  HdAudAddService - ok
18:01:03.0402 2176  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:01:03.0417 2176  HDAudBus - ok
18:01:03.0417 2176  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:01:03.0433 2176  HidBatt - ok
18:01:03.0433 2176  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:01:03.0448 2176  HidBth - ok
18:01:03.0448 2176  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:01:03.0464 2176  HidIr - ok
18:01:03.0464 2176  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:01:03.0495 2176  hidserv - ok
18:01:03.0495 2176  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:01:03.0495 2176  HidUsb - ok
18:01:03.0511 2176  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:01:03.0526 2176  hkmsvc - ok
18:01:03.0542 2176  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:01:03.0558 2176  HomeGroupListener - ok
18:01:03.0558 2176  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:01:03.0573 2176  HomeGroupProvider - ok
18:01:03.0573 2176  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:01:03.0589 2176  HpSAMD - ok
18:01:03.0589 2176  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:01:03.0620 2176  HTTP - ok
18:01:03.0636 2176  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:01:03.0636 2176  hwpolicy - ok
18:01:03.0636 2176  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:01:03.0651 2176  i8042prt - ok
18:01:03.0651 2176  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:01:03.0667 2176  iaStorV - ok
18:01:03.0682 2176  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:01:03.0698 2176  idsvc - ok
18:01:03.0714 2176  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:01:03.0714 2176  iirsp - ok
18:01:03.0729 2176  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:01:03.0760 2176  IKEEXT - ok
18:01:03.0776 2176  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:01:03.0776 2176  intelide - ok
18:01:03.0776 2176  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:01:03.0792 2176  intelppm - ok
18:01:03.0792 2176  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:01:03.0823 2176  IPBusEnum - ok
18:01:03.0823 2176  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:03.0854 2176  IpFilterDriver - ok
18:01:03.0854 2176  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:01:03.0885 2176  iphlpsvc - ok
18:01:03.0901 2176  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:01:03.0916 2176  IPMIDRV - ok
18:01:03.0916 2176  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:01:03.0948 2176  IPNAT - ok
18:01:03.0948 2176  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:01:03.0963 2176  IRENUM - ok
18:01:03.0963 2176  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:01:03.0979 2176  isapnp - ok
18:01:03.0979 2176  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:01:03.0994 2176  iScsiPrt - ok
18:01:03.0994 2176  [ 70EBDA3ED637B0212450C5542EDD11A7 ] IvtBtBUs        C:\Windows\system32\Drivers\IvtBtBus.sys
18:01:04.0010 2176  IvtBtBUs - ok
18:01:04.0010 2176  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:04.0026 2176  kbdclass - ok
18:01:04.0026 2176  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:01:04.0026 2176  kbdhid - ok
18:01:04.0041 2176  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:01:04.0041 2176  KeyIso - ok
18:01:04.0057 2176  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
18:01:04.0072 2176  kl1 - ok
18:01:04.0072 2176  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
18:01:04.0088 2176  KLIF - ok
18:01:04.0104 2176  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
18:01:04.0104 2176  KLIM6 - ok
18:01:04.0104 2176  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
18:01:04.0119 2176  klkbdflt - ok
18:01:04.0119 2176  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
18:01:04.0119 2176  klmouflt - ok
18:01:04.0135 2176  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
18:01:04.0135 2176  kltdi - ok
18:01:04.0135 2176  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
18:01:04.0150 2176  kneps - ok
18:01:04.0150 2176  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:01:04.0166 2176  KSecDD - ok
18:01:04.0166 2176  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:01:04.0182 2176  KSecPkg - ok
18:01:04.0182 2176  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:01:04.0213 2176  ksthunk - ok
18:01:04.0213 2176  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:01:04.0244 2176  KtmRm - ok
18:01:04.0244 2176  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:01:04.0275 2176  LanmanServer - ok
18:01:04.0291 2176  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:01:04.0306 2176  LanmanWorkstation - ok
18:01:04.0322 2176  [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:01:04.0338 2176  LBTServ - ok
18:01:04.0338 2176  [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:01:04.0353 2176  LHidFilt - ok
18:01:04.0353 2176  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:01:04.0369 2176  lltdio - ok
18:01:04.0384 2176  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:01:04.0416 2176  lltdsvc - ok
18:01:04.0416 2176  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:01:04.0447 2176  lmhosts - ok
18:01:04.0447 2176  [ 96999C364C649E2866A268F7420A304A ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:01:04.0447 2176  LMouFilt - ok
18:01:04.0462 2176  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:01:04.0462 2176  LSI_FC - ok
18:01:04.0462 2176  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:01:04.0478 2176  LSI_SAS - ok
18:01:04.0478 2176  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:01:04.0494 2176  LSI_SAS2 - ok
18:01:04.0494 2176  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:01:04.0509 2176  LSI_SCSI - ok
18:01:04.0509 2176  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:01:04.0540 2176  luafv - ok
18:01:04.0540 2176  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:01:04.0556 2176  Mcx2Svc - ok
18:01:04.0556 2176  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:01:04.0556 2176  megasas - ok
18:01:11.0217 2176  Wdf01000 - ok
18:01:11.0233 2176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:01:11.0264 2176  WdiServiceHost - ok
18:01:11.0264 2176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:01:11.0280 2176  WdiSystemHost - ok
18:01:11.0295 2176  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:01:11.0311 2176  WebClient - ok
18:01:11.0311 2176  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:01:11.0327 2176  Wecsvc - ok
18:01:11.0327 2176  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:01:11.0358 2176  wercplsupport - ok
18:01:11.0358 2176  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:01:11.0389 2176  WerSvc - ok
18:01:11.0389 2176  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:01:11.0420 2176  WfpLwf - ok
18:01:11.0420 2176  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:01:11.0436 2176  WIMMount - ok
18:01:11.0436 2176  WinDefend - ok
18:01:11.0451 2176  WinHttpAutoProxySvc - ok
18:01:11.0467 2176  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:01:11.0467 2176  Winmgmt - ok
18:01:11.0514 2176  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:01:11.0561 2176  WinRM - ok
18:01:11.0561 2176  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:01:11.0576 2176  WinUsb - ok
18:01:11.0592 2176  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:01:11.0623 2176  Wlansvc - ok
18:01:11.0623 2176  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:01:11.0623 2176  WmiAcpi - ok
18:01:11.0639 2176  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:01:11.0654 2176  wmiApSrv - ok
18:01:11.0654 2176  WMPNetworkSvc - ok
18:01:11.0654 2176  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:01:11.0670 2176  WPCSvc - ok
18:01:11.0685 2176  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:01:11.0701 2176  WPDBusEnum - ok
18:01:11.0701 2176  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:01:11.0732 2176  ws2ifsl - ok
18:01:11.0732 2176  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:01:11.0748 2176  wscsvc - ok
18:01:11.0748 2176  WSearch - ok
18:01:11.0779 2176  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:01:11.0826 2176  wuauserv - ok
18:01:11.0841 2176  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:01:11.0841 2176  WudfPf - ok
18:01:11.0857 2176  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:01:11.0873 2176  WUDFRd - ok
18:01:11.0873 2176  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:01:11.0888 2176  wudfsvc - ok
18:01:11.0888 2176  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:01:11.0904 2176  WwanSvc - ok
18:01:11.0919 2176  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:01:11.0919 2176  xusb21 - ok
18:01:11.0935 2176  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
18:01:11.0951 2176  yukonw7 - ok
18:01:11.0966 2176  ================ Scan global ===============================
18:01:11.0966 2176  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:01:11.0982 2176  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:01:11.0982 2176  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:01:11.0982 2176  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:01:11.0997 2176  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:01:11.0997 2176  [Global] - ok
18:01:11.0997 2176  ================ Scan MBR ==================================
18:01:11.0997 2176  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:01:12.0107 2176  \Device\Harddisk0\DR0 - ok
18:01:12.0107 2176  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:01:12.0169 2176  \Device\Harddisk1\DR1 - ok
18:01:12.0185 2176  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
18:01:12.0231 2176  \Device\Harddisk2\DR2 - ok
18:01:12.0231 2176  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
18:01:12.0278 2176  \Device\Harddisk3\DR3 - ok
18:01:12.0278 2176  ================ Scan VBR ==================================
18:01:12.0294 2176  [ BF7964145219FE01CCD76DD624AD9404 ] \Device\Harddisk0\DR0\Partition1
18:01:12.0294 2176  \Device\Harddisk0\DR0\Partition1 - ok
18:01:12.0294 2176  [ B14F8D23238C96BB64E6D53CED7D1D6D ] \Device\Harddisk0\DR0\Partition2
18:01:12.0294 2176  \Device\Harddisk0\DR0\Partition2 - ok
18:01:12.0294 2176  [ 4ED49B4999133C8E041A6046D20693B3 ] \Device\Harddisk1\DR1\Partition1
18:01:12.0294 2176  \Device\Harddisk1\DR1\Partition1 - ok
18:01:12.0325 2176  [ D0E01C6125D1720207055083B0E994C7 ] \Device\Harddisk2\DR2\Partition1
18:01:12.0325 2176  \Device\Harddisk2\DR2\Partition1 - ok
18:01:12.0325 2176  [ EB41E9A9D78C99371AB962B884802EAE ] \Device\Harddisk3\DR3\Partition1
18:01:12.0325 2176  \Device\Harddisk3\DR3\Partition1 - ok
18:01:12.0325 2176  ============================================================
18:01:12.0325 2176  Scan finished
18:01:12.0325 2176  ============================================================
18:01:12.0325 5276  Detected object count: 2
18:01:12.0325 5276  Actual detected object count: 2
18:01:18.0362 5276  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:18.0362 5276  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:01:18.0362 5276  BEService ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:18.0362 5276  BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
What's next?

Edited by isnogud (23.03.2013 at 18:54)

23.03.2013, 20:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


24.03.2013, 19:01   #7
isnogud
 

Hello Cosinus,

I ran Combofix. However, Spybot S&D and Windows Defender were active while it ran. I had actually closed Spybot in the taskbar and found no other way to deactivate it. At the start Combofix showed the notice about SS&D, but then went on fixing when I tried to close Combofix. I had overlooked Defender. Everything ran without any messages, and afterwards I restarted, also without any (error) message.
Firefox then asked again whether I want to use it as the default.
TuneUp reports:
The administrative shares are enabled again. Previously disabled.
So what was actually fixed?
Unfortunately the Explorer problem still exists.
Should I run Combofix again without SS&D and WD?
What is the state of my system, judging by all the logs?

Step 7 Combofix
Code:
ATTFilter
ComboFix 13-03-24.03 - OXOMOXO 24.03.2013  18:03:34.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.6135.3445 [GMT 1:00]
ausgeführt von:: d:\1st d o w n l o a d s\1-P R O G R A M M S\_Trojaner_Board_\7.Schritt\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\SETACD6.tmp
c:\windows\SysWow64\SETBBBB.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-24 bis 2013-03-24  ))))))))))))))))))))))))))))))
.
.
2013-03-24 17:10 . 2013-03-24 17:10	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-24 17:10 . 2013-03-24 17:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-24 17:06 . 2013-03-24 17:06	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CD1889F-4988-4F62-AAF4-2AA5093F9FCE}\offreg.dll
2013-03-23 16:02 . 2013-03-23 16:02	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-22 21:08 . 2013-03-22 21:08	--------	d-----w-	c:\users\OXOMOXO\AppData\Local\IsolatedStorage
2013-03-22 21:08 . 2013-03-22 21:08	--------	d-----w-	c:\users\OXOMOXO\AppData\Local\Futuremark
2013-03-22 14:26 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CD1889F-4988-4F62-AAF4-2AA5093F9FCE}\mpengine.dll
2013-03-16 15:53 . 2013-03-18 16:24	--------	d-----w-	c:\users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
2013-03-16 15:49 . 2013-03-16 15:57	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2013-03-14 18:59 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-11 21:41 . 2013-03-11 21:41	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-11 21:41 . 2013-03-11 21:41	--------	d-----w-	c:\program files (x86)\Java
2013-03-07 22:15 . 2013-03-07 22:46	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-07 22:15 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-03-07 22:15 . 2013-03-07 22:15	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-07 18:56 . 2013-03-07 18:56	--------	d-----w-	c:\users\OXOMOXO\AppData\Local\REINER SCT
2013-03-07 18:53 . 2013-03-07 18:53	--------	d-----w-	c:\program files (x86)\REINER SCT
2013-02-25 23:32 . 2013-02-25 23:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 18:44 . 2011-07-21 01:55	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-11 21:41 . 2011-12-24 21:14	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-11 21:41 . 2011-10-08 23:17	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-05 15:03 . 2012-11-22 20:24	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 15:03 . 2012-11-22 20:24	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-25 23:32 . 2012-05-23 00:34	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2012-03-13 20:11	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 23:32 . 2012-03-13 20:11	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-03-13 20:11	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 23:32 . 2012-10-10 19:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2012-03-13 20:11	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 23:32 . 2012-05-23 00:34	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2012-04-20 14:24	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-13 18:33	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:33	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:33	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:33	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:33	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:33	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-28 13:19 . 2012-12-24 16:33	35104	----a-w-	c:\windows\system32\TURegOpt.exe
2013-01-28 13:19 . 2013-02-08 18:27	37664	----a-w-	c:\windows\system32\uxtuneup.dll
2013-01-28 13:19 . 2013-02-08 18:27	29984	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2013-01-28 13:19 . 2012-12-24 16:33	26400	----a-w-	c:\windows\system32\authuitu.dll
2013-01-28 13:19 . 2012-12-24 16:33	21792	----a-w-	c:\windows\SysWow64\authuitu.dll
2013-01-23 20:09 . 2011-12-24 21:16	1081760	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-23 20:09 . 2011-07-21 03:51	960416	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-18 15:00 . 2012-03-13 20:13	6390048	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-03-13 20:13	3460896	----a-w-	c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-04-20 13:54	2953448	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2012-03-13 20:13	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-03-13 20:13	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-03-13 20:13	2558240	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-03-13 20:13	118560	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-18 07:15 . 2013-01-18 07:15	550176	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-01-17 00:28 . 2011-07-21 01:51	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 18:52	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 18:52	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 18:52	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 18:52	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 18:52	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 18:52	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 18:52	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 18:52	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 18:52	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 18:52	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 18:52	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 18:52	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 18:52	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Password Depot"="c:\program files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe" [2013-02-26 8347272]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-02-25 5655832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-27 1173680]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-16 356376]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe"
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTimounterMonitor"=c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
"AVMWlanClient"=c:\program files (x86)\avmwlanstick\wlangui.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-17 49152]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-08-26 34440]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 714368]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 30344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2155848]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5924712]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-08-26 24840]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-06-16 137312]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-06-16 211552]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-31 146528]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-16 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-31 3491792]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-28 2402080]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-08-31 367200]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-30 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-30 29528]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-28 36720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-22 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\OXOMOXO\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 403656]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = fritz.box
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr
FF - prefs.js: network.proxy.http - 193.27.209.200
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-24 17:52; jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack; c:\users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-24  18:22:17
ComboFix-quarantined-files.txt  2013-03-24 17:22
.
Vor Suchlauf: 10 Verzeichnis(se), 17.748.099.072 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 16.791.711.744 Bytes frei
.
- - End Of File - - 0AC4C8076A7CB5F13175C7E7C518ACCE
         
What happens next?

25.03.2013, 15:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

25.03.2013, 22:44   #9
isnogud
 



Hello Cosinus,

here are the log files from the next steps.
Should the internet connection also be disconnected during the scans?

Step 8 Junkware
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Ultimate x64
Ran by OXOMOXO on 25.03.2013 at 22:08:15,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\OXOMOXO\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\OXOMOXO\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\OXOMOXO\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ FireFox

Successfully deleted: [File] C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\user.js
Successfully deleted: [File] "C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi" 
Successfully deleted: [Folder] C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\smartbar
Successfully deleted the following from C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\prefs.js

user_pref("CT2269050.1000082.currentList", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18:8082\",\"description\":\"Hotmix 108\",\"text\":\"Hotmix 108\",\"type\":\
user_pref("CT2269050.1000082.isPlayDisplay", "true");
user_pref("CT2269050.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\",\"description\":\"Radio 8\",\"text\":\"Radio 8\",\"typ
user_pref("CT2269050.1000082.nowPlaying", "{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18:8082\",\"description\":\"Hotmix 108\",\"text\":\"Hotmix 108\",\"type\":\"S
user_pref("CT2269050.1000082.publisherStations", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18:8082\",\"description\":\"Hotmix 108\",\"text\":\"Hotmix 108\",\"ty
user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT2269050.1000234.TWC_TMP_city", "");
user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.autoDisableScopes", -1);
user_pref("CT2269050.defaultSearch", "FALSE");
user_pref("CT2269050.defaultSearchDisplayName", "");
user_pref("CT2269050.defaultSearchUrl", "");
user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2269050.enableAlerts", "always");
user_pref("CT2269050.enableFix404", "");
user_pref("CT2269050.enableSearchFromAddressBar", "");
user_pref("CT2269050.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.installId", "");
user_pref("CT2269050.installType", "");
user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT2269050.openThankYouPage", "FALSE");
user_pref("CT2269050.openUninstallPage", "FALSE");
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", "0");
user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1333804324250");
user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1333804327753");
user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1333804323494");
user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1333804326805");
user_pref("CT2269050.serviceLayer_services_login_10.7.1.62_lastUpdate", "1333804327721");
user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1333804323684");
user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1333804325342");
user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1333804323025");
user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1333804322525");
user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1333804324399");
user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1333804322998");
user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1333804323639");
user_pref("CT2269050.settingsINI", true);
user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
user_pref("CT2269050.smartbar.CTID", "CT2269050");
user_pref("CT2269050.smartbar.Uninstall", "0");
user_pref("CT2269050.smartbar.isHidden", false);
user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
user_pref("CT2269050.smartbar.userID", "UN99569547235419747");
user_pref("CT2269050.startPage", "FALSE");
user_pref("CT2269050.toolbarBornServerTime", "7-4-2012");
user_pref("CT2269050.toolbarCurrentServerTime", "7-4-2012");
user_pref("browser.newtabpage.blocked", "{\"9Rh3/cjLplxjC9ujcPSs+A==\":1,\"9SEkiyIPTGY5dgLIvoMzPw==\":1,\"BgtHR0Pfekm6tCPTfPjCfQ==\":1,\"q7CibMEP4IPaxSGLxagUvA==\":1,\"pNAH+f7
user_pref("extensions.jid1-F9UJ2thwoAm5gQ@jetpack.install-event-fired", true);
Emptied folder: C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2013 at 22:14:06,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Step 9 AdwCleaner
Code:
# AdwCleaner v2.115 - Datei am 25/03/2013 um 22:16:38 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : OXOMOXO - OXOMOXO-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\9.Schritt\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\OXOMOXO\AppData\Roaming\Mozilla\Firefox\Profiles\gn5qkw1p.default\prefs.js

Gelöscht : user_pref("CT2269050.1000082.currentList", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.[...]
Gelöscht : user_pref("CT2269050.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio[...]
Gelöscht : user_pref("CT2269050.1000082.nowPlaying", "{\"stationId\":\"12473383\",\"url\":\"hxxp://67.202.67.18[...]
Gelöscht : user_pref("CT2269050.1000082.publisherStations", "[{\"stationId\":\"12473383\",\"url\":\"hxxp://67.2[...]
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

*************************

AdwCleaner[S1].txt - [2899 octets] - [25/03/2013 22:16:38]

########## EOF - C:\AdwCleaner[S1].txt - [2959 octets] ##########
         
Step 10 OTL
Code:
OTL logfile created on: 25.03.2013 22:24:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\10.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,33 Gb Available Physical Memory | 72,22% Memory free
11,98 Gb Paging File | 10,25 Gb Available in Paging File | 85,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 18,03 Gb Free Space | 15,13% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 128,69 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 60,81 Gb Free Space | 6,53% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,52 Gb Free Space | 8,24% Space Free | Partition Type: NTFS
 
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\10.Schritt\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 08 42 BD 42 F2 CC 01  [binary data]
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{06147D0B-3E6D-4F2B-9E14-73283861B7B1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{3266822E-E7AC-4C78-8D31-B5C47706CED5}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{35EEE4DB-B189-452C-99FE-714F13F28999}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{6AEF6E0A-71D1-4D6F-B13F-3AE1249E62CC}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=&search={searchTerms}
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{96706323-4C6D-4ECA-B5A5-F54664802C08}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..\SearchScopes\{B49B91C3-ECC9-410B-B47E-E11BDA4787BD}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms}
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
IE - HKU\S-1-5-21-2341245274-143446861-2149103087-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: flashkiller%40joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.5.48.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.4.0
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1211
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.http: "193.27.209.200"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2013.03.04 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M]
 
[2011.07.21 06:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Extensions
[2013.03.25 22:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions
[2013.02.22 15:29:23 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.03.15 23:07:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.01 23:33:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.01.14 17:58:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2013.02.23 21:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.14 23:42:54 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com
[2012.05.16 19:49:14 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\fb_add_on@avm.de
[2013.03.03 15:25:40 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.03.05 18:36:15 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\anticontainer@downthemall.net.xpi
[2011.07.22 10:56:05 | 000,120,125 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\dtaScheduler@forboden.com.xpi
[2012.07.06 22:04:24 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.02.23 16:26:05 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\firebug@software.joehewitt.com.xpi
[2011.07.22 04:56:50 | 000,028,950 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\flashkiller@joli.clic.xpi
[2013.02.10 14:10:53 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\stealthyextension@gmail.com.xpi
[2013.01.29 17:31:23 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.23 17:12:34 | 000,349,484 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011.07.22 04:56:50 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.02.09 20:50:48 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2012.02.26 14:44:28 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013.03.03 22:14:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.14 23:42:51 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.25 21:53:09 | 000,014,059 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013.02.14 11:45:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 20:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.15 15:54:58 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.03.02 15:27:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.12.11 18:26:03 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2011.07.22 10:58:38 | 000,001,632 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\firefox-add-ons.xml
[2012.08.31 16:16:02 | 000,002,492 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\ixquick-https.xml
[2011.07.22 10:58:26 | 000,004,140 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\youtube.xml
[2013.03.08 22:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 22:27:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.04 00:17:30 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES (X86)\ACEBIT\PASSWORD DEPOT 6\FIREFOX
[2012.12.20 21:03:42 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.01.10 20:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 20:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.10 20:08:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.10 20:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 20:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.10 20:08:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.24 18:10:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2341245274-143446861-2149103087-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835
O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2341245274-143446861-2149103087-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\S-1-5-21-2341245274-143446861-2149103087-1001\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4D7B0E-AD50-43C6-9EDB-1996E49EC5B7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D70B23B1-6204-418A-8226-B226FD078D91}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.25 22:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.25 22:07:50 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.24 18:22:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.24 18:02:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.24 18:02:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.24 18:02:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.24 18:02:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.24 17:59:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.24 17:59:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.23 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.22 22:08:44 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\IsolatedStorage
[2013.03.22 22:08:44 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\Futuremark
[2013.03.22 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\Documents\3DMark
[2013.03.16 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
[2013.03.16 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.14 19:59:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.13 19:40:38 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 19:40:38 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 19:40:38 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 19:40:38 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 19:40:38 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 19:40:38 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 19:40:38 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 19:40:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 19:40:38 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 19:40:38 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 19:40:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 19:40:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 19:40:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 19:40:38 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 19:40:38 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 19:40:38 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 19:40:38 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 19:40:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 19:40:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 19:40:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 19:40:38 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 19:40:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 19:40:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 19:40:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 19:40:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 19:40:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 19:40:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 19:40:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 19:40:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 19:40:38 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 19:40:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 19:40:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 19:40:37 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 19:40:37 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 19:40:37 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 19:40:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 19:40:37 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 19:40:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 19:40:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 19:40:37 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 19:40:37 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 19:40:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 19:40:37 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 19:40:37 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 19:40:37 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 19:40:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 19:40:37 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 19:40:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 19:40:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 19:40:37 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 19:40:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 19:40:37 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 19:40:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 19:40:37 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 19:40:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 19:40:37 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 19:40:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 19:40:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 19:40:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 19:40:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 19:40:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 19:40:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 19:40:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 19:40:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 19:40:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 19:40:37 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 19:40:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 19:40:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.11 22:41:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.11 22:41:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.11 22:41:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.11 22:41:23 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.11 22:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.08 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 23:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.07 23:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.07 23:15:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.07 23:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.07 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\REINER SCT
[2013.03.07 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REINER SCT
[2013.03.03 13:29:23 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.03 13:29:23 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.03 13:29:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.03 13:29:23 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.03 13:29:21 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.03 13:29:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.03 13:29:20 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.03 13:29:20 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.03 13:29:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.03 13:29:20 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.03 13:29:20 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.03 13:29:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.03 13:29:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.03 13:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.03 13:29:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.03 13:29:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.03 13:29:19 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.03 13:29:19 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.03 13:29:19 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.03 13:29:19 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.03 13:29:19 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.03 13:29:19 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.03 13:29:19 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.03 13:29:19 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.03 13:29:19 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.03 13:29:19 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.03 13:29:19 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.03 13:29:19 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.26 00:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.26 00:32:42 | 015,129,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.26 00:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.26 00:32:38 | 018,055,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.26 00:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.26 00:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.26 00:32:36 | 000,958,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.26 00:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.26 00:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.26 00:32:32 | 000,245,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.26 00:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.26 00:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.26 00:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.26 00:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.26 00:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.26 00:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.26 00:32:04 | 000,201,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.25 22:19:27 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.25 22:19:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 21:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.25 21:47:41 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.25 21:47:41 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.25 21:47:41 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.25 21:47:41 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.25 21:47:41 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.25 21:45:51 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 21:45:51 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 18:10:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.21 19:21:16 | 000,000,000 | ---- | M] () -- C:\Users\OXOMOXO\defogger_reenable
[2013.03.13 19:40:38 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 19:40:38 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 19:40:38 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 19:40:38 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 19:40:38 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 19:40:38 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 19:40:38 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 19:40:38 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 19:40:38 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 19:40:38 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 19:40:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 19:40:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 19:40:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 19:40:38 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 19:40:38 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 19:40:38 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 19:40:38 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 19:40:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 19:40:38 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 19:40:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 19:40:38 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 19:40:38 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 19:40:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 19:40:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 19:40:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 19:40:38 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 19:40:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 19:40:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 19:40:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 19:40:38 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 19:40:38 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 19:40:38 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 19:40:37 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 19:40:37 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 19:40:37 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 19:40:37 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 19:40:37 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 19:40:37 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 19:40:37 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 19:40:37 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 19:40:37 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 19:40:37 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 19:40:37 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 19:40:37 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 19:40:37 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 19:40:37 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 19:40:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 19:40:37 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 19:40:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 19:40:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 19:40:37 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 19:40:37 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 19:40:37 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 19:40:37 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 19:40:37 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 19:40:37 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 19:40:37 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 19:40:37 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 19:40:37 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 19:40:37 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 19:40:37 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 19:40:37 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 19:40:37 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 19:40:37 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 19:40:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 19:40:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 19:40:37 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 19:40:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.13 19:40:37 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 19:40:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.11 22:41:20 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.03.11 22:41:20 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.11 22:41:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.11 22:41:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.11 22:41:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.11 22:41:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.07 23:24:13 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.07 23:15:13 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.07 19:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2013.03.05 16:03:10 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.05 16:03:10 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.04 00:17:31 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk
[2013.03.03 14:54:56 | 000,001,061 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.26 00:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.26 00:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.26 00:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.26 00:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.26 00:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.26 00:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.26 00:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013.02.26 00:32:38 | 001,107,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.02.26 00:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.26 00:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.26 00:32:36 | 000,958,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.26 00:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.26 00:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.26 00:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013.02.26 00:32:32 | 000,245,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.26 00:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.26 00:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.26 00:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.26 00:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.26 00:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.26 00:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.26 00:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.26 00:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.26 00:32:04 | 000,201,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.25 22:19:18 | 000,416,312 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.24 18:02:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.24 18:02:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.24 18:02:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.24 18:02:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.24 18:02:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.21 19:21:16 | 000,000,000 | ---- | C] () -- C:\Users\OXOMOXO\defogger_reenable
[2013.03.13 19:40:38 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 19:40:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.07 23:15:13 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.07 23:15:13 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.07 19:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.06.19 17:45:09 | 000,004,096 | -H-- | C] () -- C:\Users\OXOMOXO\AppData\Local\keyfile3.drm
[2012.02.23 23:53:04 | 000,003,584 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.18 02:23:17 | 000,007,641 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\Resmon.ResmonCfg
[2011.10.08 23:05:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.08 23:05:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.27 13:29:02 | 000,017,408 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\WebpageIcons.db
[2011.07.21 03:55:21 | 001,598,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

25.03.2013, 22:51   #10
isnogud

SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer crash // Complete system check

OTL Extras
Code:
ATTFilter
OTL Extras logfile created on: 25.03.2013 22:24:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\10.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,33 Gb Available Physical Memory | 72,22% Memory free
11,98 Gb Paging File | 10,25 Gb Available in Paging File | 85,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 18,03 Gb Free Space | 15,13% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 128,69 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 60,81 Gb Free Space | 6,53% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,52 Gb Free Space | 8,24% Space Free | Partition Type: NTFS
 
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1C1AA-46B6-4A6A-A57B-773ABB67B316}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0B35B5A4-04C9-4F53-BAE0-80F94BDA32DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1089ACE5-0CCD-4D11-8F23-4644EEB90C59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1D450791-D779-4B5C-95B7-5088A16A2DEC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B7AD6D9-8652-4A49-B018-509CC3FCD9B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34A65425-95F4-456F-A0A7-C87C8FBA5073}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B5E083F-CFDD-43DD-BBAD-E58DA707661D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BB8A7B9-CF0B-4371-BC4E-A4715C9CDBC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E5631B1-99C2-4BDC-AD2E-C37B1ECDA0EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{576ECA21-1C46-4B74-9116-80E21302E766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6037C601-55B2-4AD7-8C92-9B0F0A894CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{603CAD2D-429F-48BD-972F-1427FE3BECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68F918A2-F7F4-4741-B0E4-E9ED7A997011}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87198B0D-E93E-4E80-9499-415A95ABEFA2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F5BAC88-D2C2-4C28-8DCF-6624F56C12A4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{99111059-5DAD-483B-B5CC-0B5DA5EC3AA3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE0A8CBB-3BC7-4A5C-9317-740151C2675F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1563398-039F-4A23-BF87-E0B177F26DA1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CD05E012-345A-4BE8-BE12-5CFC1A514F17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CE64A1AB-6E74-4368-A3D1-371E0BC8249F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D7062837-CB90-40C3-BF61-09DB7C665F13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E73EE358-F6C8-4C23-98D7-75F05B954C59}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC97A9-1044-49D6-A8B8-4AD5CA24548B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe | 
"{034EA0EA-15EC-4713-A7BE-6C56F5F19624}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe | 
"{03824658-E6E2-4F3C-B88E-902F32CD7C42}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe | 
"{065276C8-0B29-4943-8CB0-9CF77252DA4A}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe | 
"{074D4541-AAA1-46DC-89AE-D14B0636323F}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{08B29CBC-2EA3-4CDD-B0CD-1C2EB1B5F6DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A8E9838-8429-46FE-8CAC-A2F0E892E18C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0BD4D823-62DC-4D6D-9597-92AFBDB4D39B}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklauncher.exe | 
"{0E1CB3BE-3C2D-43B5-8BAC-BEBF14BB994D}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe | 
"{0E96AD09-83A9-48EF-8A97-9087BF8B7877}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe | 
"{114EDCEE-9B6A-44DC-9F32-8B3A1E6FD820}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe | 
"{13EDB007-FEF7-4A32-8721-8ED09F72BF2C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{14BD77B6-C51E-4DAE-BB87-EE0F48D2F0F1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64_steam_beta\3dmark.exe | 
"{14D8592F-B92A-434D-9B7C-1F8B05386268}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{1589933C-91E3-46F7-A405-DB97CEC695BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe | 
"{17F38B1E-46CB-4EEB-A6BD-CF007D065DC7}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklauncher.exe | 
"{196B796F-1855-4D67-AFBC-1718487CF7A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{19F103EA-469D-41BB-A840-25C00327DAF7}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{1C336387-FD25-4C99-AF75-D9D00D20C212}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{1D0D58FE-8761-42B7-AF86-97D32002356B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{1D4A32D1-8E88-435F-854F-D7065144712B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{204FA3F0-2C5B-4AB6-8EA9-64CF95936255}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{2458B340-DF35-4331-B311-ACA81B79CBD6}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{24E1908C-3BC4-4352-AE78-A3F45EF5604C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe | 
"{29A5FDAB-E5BC-43EA-87A6-0553AB99928B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{29A73764-3868-4BAF-9323-24C4095D1265}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe | 
"{2C9F2368-E4E1-48D8-B681-D8C4DB5B3441}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{2EAE3536-12C1-4A89-B538-1FFDD514460D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe | 
"{34378499-5CEA-43E9-9F40-606224B0E0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{34901DEE-A30A-480A-8DAD-F3B09492F62A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{35AFC599-C634-4421-A07F-4FBE4A800186}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37566264-3092-4727-900E-C0EB5126F31C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{38EB59C9-F2B5-4DCD-A006-FA584382D73F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3CB0939E-632A-44AD-857E-5BAA9E7DB73F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{3E483AB0-C0A9-4216-851C-1989F8AA8DD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EBE8E2-DD81-4A05-A17E-97BA119788F3}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{450D6BC3-A6D2-45D7-85E5-3B1BDF7F765F}" = protocol=6 | dir=out | app=system | 
"{4731A120-FF47-4E01-8BC4-6063788FFE4C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe | 
"{4799BCAD-3746-47EA-BD7E-428AD71AF188}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{49083415-26B0-4226-955E-E4F6FDA8A5E3}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe | 
"{4D2B2A59-43D9-46E6-A9AC-149009BDE9F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe | 
"{4EE63132-9DAB-4D57-9B4E-AE74AFD7C177}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklaunchersteambeta.exe | 
"{4F84E32B-BD66-489A-8B39-B5D04F7E7771}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe | 
"{51C255D0-C33E-4323-864B-C6A6D9B89581}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{52823517-651C-456A-9164-D84048B69631}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe | 
"{54D5AC0A-D788-4759-8D36-62799DD0F67D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57463554-8171-42E1-A198-5E8C285AFA15}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{57BD2394-52C6-459E-B3CE-2BED1EA18A7E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{58683A6E-F45B-462F-B8DF-A63DB020BD2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5A603016-DD13-464B-B423-EA44763351C1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat | 
"{5CC6B97A-E0FA-428E-BD5E-7C56EDF110D9}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe | 
"{60F8EFA2-59E9-40DD-BC28-9E433FBC2F4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67E7AB61-7257-443D-AC64-8E15B88A0ABA}" = protocol=6 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B53DDB6-8DDC-455B-A270-E9AF610E32A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AD076F7-2189-4680-A788-37B5832183A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7CADE6DD-4C93-45B5-9440-8D8908EF431E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86\3dmark.exe | 
"{7EC169F4-29AB-4504-A0CC-3133583A1EC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80CFFBB7-911D-4A9F-86FB-BDBB9586A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{85247B4F-F44C-4CFD-BB0D-54D25B62DF18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86A3EA29-C803-428C-BE37-6BFE1A1A9280}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{8A19CC0D-20B7-47F3-8386-103530C13402}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe | 
"{8BFED094-135D-47BA-A95E-C8D4CBA3FDEA}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe | 
"{8DD69384-FB54-47C8-A36B-86BA6C8AC5E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe | 
"{8E16E3A7-6091-4ACE-A43F-97C988CE5D24}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{8E3D0785-F43B-456F-ABA1-E405734AE253}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\3dmarklaunchersteambeta.exe | 
"{9230FE4E-EB73-43F3-8830-79D109EC8151}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe | 
"{92766F9D-07D8-4E4D-BDD7-98FCA29981F8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe | 
"{937751A1-B3E3-4F5F-BCFD-02555D97B3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AA8775A-B12D-41BE-858D-0B73480453CE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe | 
"{9BA55D57-F796-4328-87B9-5A14EB7BFEF1}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe | 
"{9C12345E-7506-4FCD-B388-DB06A6A78826}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe | 
"{9DDA1620-300E-43FE-8A8D-9ED4E1F88675}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe | 
"{9EFBF356-6798-430F-90BF-1362F483C089}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe | 
"{9F5795BA-9B2B-4636-8A94-658C08F79BEB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe | 
"{A019B2A6-B6B9-4C2A-A4F7-E92A91BF3105}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A60A456A-BC8A-456A-8AF1-6E2C93D1BF8E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86_steam_beta\3dmark.exe | 
"{A73AEB97-7971-403D-B953-90D6D6D81FC2}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe | 
"{B0691EC9-7F09-4294-873E-B8EC7AC08CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{B3C09AE2-9498-4217-9695-4F172BE504E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe | 
"{B3E08893-0775-49FB-AEB0-262DD76E712A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B644451C-6D78-4402-9DEF-113ACBAF8597}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{B760BE85-4423-46A1-85FC-1313508AB57F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{B8219290-2744-4635-813A-98CAC2DBEC13}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe | 
"{B9B1B8BA-2D95-4368-889A-933B9582C51C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe | 
"{BDB4308B-8BA3-4E08-B054-98D76BEF6FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{BE60EBB5-A092-464C-BF80-8E9BCB311255}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64\3dmark.exe | 
"{C009661E-1C8D-4051-B31E-CBF8A11A79AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{C1C4A689-2E4E-4C17-B27D-AB6553173865}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C36AF29B-70F4-4452-A8E8-AF409BA43799}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{C3700B4E-A6C1-467D-9BF6-4290CC285295}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat | 
"{C5881EE9-68F9-4663-A3BF-0D81186C2279}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64_steam_beta\3dmark.exe | 
"{C6AF522A-5431-4ACC-A79C-3E5340635994}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{C9C26E99-F066-4719-965B-69533C77F328}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{CA7CDCD9-DDCB-4BBD-925A-2F7D122BFEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{CAAFB741-B900-4BEF-9A3C-1DD7F7D79E4D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe | 
"{CB9BC41E-97B3-4EE4-92CA-9ABED9F04457}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe | 
"{CB9D580C-7743-4EC6-A787-9C1C1F568B66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CC2A9358-6F22-4010-9A89-72EB98243142}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe | 
"{CD12063E-3A8D-4922-A73F-FC2ED4250A8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CDDD53F7-B9C3-474C-8009-1FB7B2DFA25B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86\3dmark.exe | 
"{CE12D7BD-E112-4490-AB7C-38C85E074B0D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe | 
"{CE2520BC-C012-426D-AC91-626EE16B7E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D530C5C4-AF60-4291-9930-C8BB5A3DF1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6C24D9F-08CB-4896-B086-999BA011CB28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6D32F6E-7F14-4627-88CE-6251325CF5E8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{DCB1F359-1063-45E8-920C-9C4B108C7941}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe | 
"{DD351889-6709-469F-9475-888762BCD803}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe | 
"{DDC8B000-68AD-4961-B310-04F469C5FE22}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{E014BCCE-4E00-4298-8175-A36201445553}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe | 
"{E3804C2E-3366-4BE6-862B-26DC54018D29}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x86_steam_beta\3dmark.exe | 
"{E61EE88F-B237-4AD1-A6DA-DF1D73AFDAEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EB5F3FDE-4C9B-46A4-ABB4-D74D8DBB2AFB}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\3dmark\bin\x64\3dmark.exe | 
"{EDFDA0DE-B54F-4A09-B724-E3E1F1A2B170}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{EFF71173-3810-46F0-89E3-1F2EB9BDCC9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F04E3C45-E53F-4CEC-BF2F-DB8ADF3FA4DC}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe | 
"{F59ABE4E-84BE-4240-B586-CA1FB95EF765}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{FAF2ED6D-8037-40C4-BDD2-430312E54A8E}" = protocol=17 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FB2F82B8-DA2E-44F3-96F8-340ECB97C5E0}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe | 
"{FB3A49CB-D3DC-4DAE-AB27-7CCA5038C185}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FBE69E48-0B7C-492E-B11A-72FC1B89CA0F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe | 
"TCP Query User{5088C0B5-6189-41F2-9F74-0EBF6F1233E7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{E21B7AA9-140A-44BD-A5F1-F74A6136AC08}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.30
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-65fdd504-e7d5-463d-b80d-d2087eb2a27b" = My Game Long Name
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFAA49C-2B1D-4808-B43A-4AAFF0475B04}" = Plus Pack für Acronis True Image Home 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"A2ACR Data cache removal" = ARMA 2 Army of The Czech Republic - Data cache removal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"Anti-Twin 2011-07-23 03.08.03" = Anti-Twin (Installation 23.07.2011)
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Endless City" = NVIDIA Endless City demo
"ESN Sonar-0.70.0" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"Free Studio_is1" = Free Studio version 5.7.7.1031
"FreePDF_XP" = FreePDF (Remove only)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"ITN Converter_is1" = ITN Converter 1.78
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neolog_is1" = Neolog 1.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"PreSonus Studio One 2" = PreSonus Studio One 2
"PS3 Media Server" = PS3 Media Server
"Steam App 100410" = CameraBag 2
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 107900" = War Inc. Battlezone
"Steam App 113420" = Fallen Earth
"Steam App 12900" = Audiosurf
"Steam App 13140" = America's Army 3
"Steam App 13520" = Far Cry
"Steam App 17410" = Mirror's Edge
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 203850" = Microsoft Flight
"Steam App 205230" = Hell Yeah!
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 214850" = GameMaker: Studio
"Steam App 218230" = PlanetSide 2
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 221080" = District 187
"Steam App 231350" = 3DMark Demo
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38830" = CrimeCraft GangWars
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Winamp" = Winamp
"XnView_is1" = XnView 1.99.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2341245274-143446861-2149103087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 25.03.2013 17:19:39 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
I had forgotten to disable Spybot S&D for all 3 scans. Should I scan again?
What happens next?

25.03.2013, 23:26   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

29.03.2013, 13:10   #12
isnogud

Hello Cosinus,

I have done the 2 scans. It took a bit longer with approx. 7 TB.
If everything is OK, are we then done with the scans?
Can we also try to configure the PC more securely, if possible?

Step 11
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
OXOMOXO :: OXOMOXO-PC [Administrator]

Schutz: Aktiviert

26.03.2013 23:16:03
mbam-log-2013-03-26 (23-16-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235618
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Step 12
Code:
ESETSmartInstaller@High as downloader log:
all ok
         

30.03.2013, 01:07   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Something is wrong with the ESET log. Did you run ESET as admin?
__________________
Please always post log files in CODE tags

31.03.2013, 15:30   #14
isnogud

Hello Cosinus,

I ran the ESET scan once more. I left out a few external HDDs.
My problem with Explorer still persists. I can't make sense of it from what I find on the web. There are too many problems there. Can you help me with that?

Step 12 ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=247c10f8daf5a646b65d9d50fbe2441a
# engine=13517
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-30 03:21:29
# local_time=2013-03-30 04:21:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 63523 19426811 0 0
# compatibility_mode=5893 16776573 100 94 62718 116286739 0 0
# scanned=469095
# found=0
# cleaned=0
# scan_time=9315
         

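Added example, not part of any post in this thread and not ESET's own code: a small Python check that tells the downloader-only log from post #12 apart from the full scan log in post #14 and flags scan options that were off. The function names are hypothetical, the two sample logs are constructed from the lines posted above, and the meaning of the `# key=value` fields is an assumption inferred from their names.

```python
import re

# Constructed samples, shaped like the two ESET logs posted in this thread.
DOWNLOADER_ONLY = """ESETSmartInstaller@High as downloader log:
all ok
"""

FULL_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# unwanted_checked=false
# antistealth_checked=true
# scanned=469095
# found=0
# cleaned=0
# scan_time=9315
"""

HEADER_LINE = re.compile(r"^#\s*([\w.]+)=(.*)$")

def parse_eset_log(text):
    """Collect the '# key=value' fields; a repeated key keeps its last value."""
    fields = {}
    for line in text.splitlines():
        m = HEADER_LINE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def review_eset_log(text):
    """Return the points a helper would raise before trusting the log."""
    # Assumption: field meanings are inferred from their names, not from ESET docs.
    fields = parse_eset_log(text)
    if "scanned" not in fields:
        return ["no scan section: only installer/downloader lines present"]
    findings = []
    if fields.get("end") != "finished":
        findings.append("scan did not report end=finished")
    if fields.get("unwanted_checked") != "true":
        findings.append("detection of potentially unwanted applications was off")
    if int(fields.get("found", "0")) > int(fields.get("cleaned", "0")):
        findings.append("detections remain that were not cleaned")
    return findings

if __name__ == "__main__":
    for name, log in (("post #12", DOWNLOADER_ONLY), ("post #14", FULL_LOG)):
        print(name, "->", review_eset_log(log) or ["complete"])
```
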
01.04.2013, 14:58   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, please repeat the Malwarebytes quick scan once more to be safe, but please update the signatures first.
__________________
Please always post log files in CODE tags
