
Pests of All Kinds and How to Combat Them: SHELL32.dll, Version: 6.1.7601.17859 // Windows Explorer crash // Complete system check


 
21.03.2013, 20:56   #1
isnogud
 



Hello Trojaner-Board users,

Since this week my Windows Explorer has not been working properly. It crashes as soon as I merely open the context menu in the folder tree on the left.
No further actions are possible.
Because I wanted to read an .iso, I installed DAEMON Tools Lite. I have now uninstalled it again, but the problem with Explorer has remained. I will post everything I have on this. If anything is missing, please tell me how to post it.
Afterwards I would like to run a system check and find out whether everything is still clean.

Notes:
During steps 1 and 2 I left KIS running. During step 3 I did not. After the checks my PC would no longer shut down.
WIN 7 Ultimate x64

Since I have already gained experience on this board, I know how much work the helpers here do, and I would like to say thank you in advance.

PC system:
Code:
Betriebssystem
			Microsoft Windows 7 Ultimate 64-bit SP1
		CPU
			Intel Core i7 930 @ 2.80GHz	45 °C
			Bloomfield 45nm Technologie
		RAM
			6,00 GB Trippel-Kanal DDR3 @ 534MHz (8-8-8-20)
		Motherboard
			ASUSTeK Computer INC. Rampage II Extreme (LGA1366)	29 °C
		Grafik
			H243HX (1920x1080@59Hz)
			1535 MBGeForce GTX 580 (ASUStek Computer Inc)	35 °C
		Festplatten
			119GB OCZ-VERTEX4 ATA Device (SSD)
			932GB SAMSUNG HD105SI ATA Device (SATA)	25 °C
			466GB SAMSUNG HD503HI ATA Device (SATA)	22 °C
			1863GB SAMSUNG HD204UI ATA Device (SATA)	22 °C
		Optische Laufwerke
			TSSTcorp CDDVDW SH-S223C ATA Device
		Audio
			High Definition Audio-Gerät

		Firewall	Aktiviert
			Display Name	Kaspersky Internet Security
		Antivirus
			Antivirus	Aktiviert
			Display Name	Kaspersky Internet Security
			Virus Signature Database	Up to date

		Internet Explorer
			Version	10.0.9200.16521
		PowerShell
			Version	3.0
		Java
				Java Runtime Environment
					Pfad	C:\Program Files (x86)\Java\jre7\bin\java.exe
					Version	7.0
					Aktualisieren	17
					Build	02
         
Explorer problem:
Code:
Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2dfec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000504aa
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0x01ce26497952eecc
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung: b97fcbd6-923c-11e2-afac-e0cb4e977cc1
         
Step 1: defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:21 on 21/03/2013 (OXOMOXO)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         
Step 2: OTL
Code:
OTL logfile created on: 21.03.2013 19:29:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,56% Memory free
11,98 Gb Paging File | 9,78 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 17,06 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 131,69 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 24,15 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,68 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
Drive H: | 7,60 Gb Total Space | 6,89 Gb Free Space | 90,72% Space Free | Partition Type: FAT32
 
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.21 19:12:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt\OTL.exe
PRC - [2013.02.26 19:18:28 | 008,347,272 | ---- | M] (AceBIT GmbH) -- C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.16 21:39:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.31 14:55:12 | 003,491,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.10.08 23:05:09 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.08 22:27:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.05 16:03:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.17 17:26:54 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.16 21:39:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.08.31 14:55:12 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.06.28 19:48:10 | 005,924,712 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.06.28 19:47:40 | 001,133,392 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.15 17:44:36 | 002,155,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2011.10.08 23:05:09 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.11.16 21:41:04 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.16 21:41:04 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.09.30 17:36:25 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.09.30 17:36:25 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.31 14:55:13 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.08.31 14:55:10 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.06.16 20:25:30 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.06.16 20:21:51 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.06.16 20:21:49 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.06.16 20:21:48 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.06.16 20:21:48 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.04.25 22:26:25 | 000,072,480 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.07 17:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.22 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.01.29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.26 10:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.08.26 10:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 10:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 08 42 BD 42 F2 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{06147D0B-3E6D-4F2B-9E14-73283861B7B1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3266822E-E7AC-4C78-8D31-B5C47706CED5}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{35EEE4DB-B189-452C-99FE-714F13F28999}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6AEF6E0A-71D1-4D6F-B13F-3AE1249E62CC}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=&search={searchTerms}
IE - HKCU\..\SearchScopes\{96706323-4C6D-4ECA-B5A5-F54664802C08}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{B49B91C3-ECC9-410B-B47E-E11BDA4787BD}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wetter.com/deutschland/unterensingen/DE0010738.html|hxxp://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: flashkiller%40joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.5.48.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: passworddepot%40acebit.com:6.2.4.0
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.4.3
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1211
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.http: "193.27.209.200"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2013.03.04 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 21:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:27:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 22:27:06 | 000,000,000 | ---D | M]
 
[2011.07.21 06:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Extensions
[2013.03.21 16:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions
[2013.02.22 15:29:23 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.03.15 23:07:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.01 23:33:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.01.14 17:58:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2013.02.23 21:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.14 23:42:54 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com
[2012.05.16 19:49:14 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\Firefox\Profiles\gn5qkw1p.default\extensions\fb_add_on@avm.de
[2013.03.03 15:25:40 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.03.05 18:36:15 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\anticontainer@downthemall.net.xpi
[2011.07.22 10:56:05 | 000,120,125 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\dtaScheduler@forboden.com.xpi
[2012.07.06 22:04:24 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.02.23 16:26:05 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\firebug@software.joehewitt.com.xpi
[2011.07.22 04:56:50 | 000,028,950 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\flashkiller@joli.clic.xpi
[2013.03.03 15:25:38 | 000,389,938 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013.02.10 14:10:53 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\stealthyextension@gmail.com.xpi
[2013.01.29 17:31:23 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.07 21:57:08 | 000,348,483 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011.07.22 04:56:50 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.02.09 20:50:48 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2012.02.26 14:44:28 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013.03.03 22:14:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.14 23:42:51 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.21 16:19:21 | 000,014,044 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013.02.14 11:45:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 20:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.15 15:54:58 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.03.02 15:27:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.12.11 18:26:03 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2011.07.22 10:58:38 | 000,001,632 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\firefox-add-ons.xml
[2012.08.31 16:16:02 | 000,002,492 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\ixquick-https.xml
[2011.07.22 10:58:26 | 000,004,140 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\mozilla\firefox\profiles\gn5qkw1p.default\searchplugins\youtube.xml
[2013.03.08 22:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 22:27:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.04 00:17:30 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES (X86)\ACEBIT\PASSWORD DEPOT 6\FIREFOX
[2012.12.20 21:03:42 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.01.10 20:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 20:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.10 20:08:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.10 20:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 20:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.10 20:08:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - Startup: C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4D7B0E-AD50-43C6-9EDB-1996E49EC5B7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D70B23B1-6204-418A-8226-B226FD078D91}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{4daec8cf-db36-11e0-8035-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4daec8cf-db36-11e0-8035-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{c5424ebd-c287-11e1-930e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5424ebd-c287-11e1-930e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
[2013.03.16 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.11 22:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.08 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 23:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.07 23:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.07 23:15:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.07 23:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.07 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\OXOMOXO\AppData\Local\REINER SCT
[2013.03.07 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REINER SCT
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.21 19:21:16 | 000,000,000 | ---- | M] () -- C:\Users\OXOMOXO\defogger_reenable
[2013.03.21 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.21 16:35:35 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.21 16:35:35 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.21 16:35:35 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.21 16:35:35 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.21 16:35:35 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.21 16:34:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 16:34:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 16:27:04 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.21 16:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 19:40:38 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 19:40:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.07 23:24:13 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.07 23:15:13 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.07 19:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2013.03.04 00:17:31 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk
[2013.03.03 14:54:56 | 000,001,061 | ---- | M] () -- C:\Users\OXOMOXO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.21 19:21:16 | 000,000,000 | ---- | C] () -- C:\Users\OXOMOXO\defogger_reenable
[2013.03.21 16:26:55 | 000,416,312 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 19:40:38 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 19:40:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.07 23:15:13 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.07 23:15:13 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.07 19:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.06.19 17:45:09 | 000,004,096 | -H-- | C] () -- C:\Users\OXOMOXO\AppData\Local\keyfile3.drm
[2012.02.23 23:53:04 | 000,003,584 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.18 02:23:17 | 000,007,641 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\Resmon.ResmonCfg
[2011.10.08 23:05:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.08 23:05:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.27 13:29:02 | 000,017,408 | ---- | C] () -- C:\Users\OXOMOXO\AppData\Local\WebpageIcons.db
[2011.07.21 03:55:21 | 001,598,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.25 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\0D0DF0F8-33DA-4F9A-8791-81826EF95299
[2012.08.31 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\180CBDF2-BDFE-4255-B540-A0F91E7E97D7
[2012.08.31 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\3545EE28-CA30-4ECE-BEA7-F23E1F4175B6
[2012.06.16 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\96A33D06-B081-4822-B1D5-0C631334C615
[2011.07.25 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\AceBIT
[2012.04.25 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Acronis
[2012.09.26 22:57:28 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\aignes
[2012.08.31 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\BB8443C7-C4A5-4787-ABD1-B0C794216D2D
[2013.03.18 17:24:22 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DAEMON Tools Lite
[2013.03.21 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Dropbox
[2012.11.29 01:56:50 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoft
[2012.04.07 14:11:27 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.30 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\FireShot
[2012.02.17 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\FreePDF
[2011.07.21 05:12:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Leadertech
[2012.11.11 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\onOne Software
[2012.05.06 13:19:16 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\PreSonus
[2013.01.14 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\qualys
[2012.12.28 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\six-updater
[2012.12.28 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\six-zsync
[2011.07.21 07:06:19 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\Sony
[2013.02.17 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\TS3Client
[2011.08.20 01:00:59 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\ts3overlay
[2012.12.24 17:33:07 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\TuneUp Software
[2012.11.01 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\OXOMOXO\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
Step 2 Extras
Code:
OTL Extras logfile created on: 21.03.2013 19:29:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\1st D O W N L O A D S\1-P R O G R A M M S\_Trojaner_Board_\2.Schritt
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,56% Memory free
11,98 Gb Paging File | 9,78 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,21 Gb Total Space | 17,06 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 131,69 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 24,15 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 153,68 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
Drive H: | 7,60 Gb Total Space | 6,89 Gb Free Space | 90,72% Space Free | Partition Type: FAT32
 
Computer Name: OXOMOXO-PC | User Name: OXOMOXO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1C1AA-46B6-4A6A-A57B-773ABB67B316}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0B35B5A4-04C9-4F53-BAE0-80F94BDA32DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1089ACE5-0CCD-4D11-8F23-4644EEB90C59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1D450791-D779-4B5C-95B7-5088A16A2DEC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B7AD6D9-8652-4A49-B018-509CC3FCD9B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34A65425-95F4-456F-A0A7-C87C8FBA5073}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B5E083F-CFDD-43DD-BBAD-E58DA707661D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BB8A7B9-CF0B-4371-BC4E-A4715C9CDBC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E5631B1-99C2-4BDC-AD2E-C37B1ECDA0EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{576ECA21-1C46-4B74-9116-80E21302E766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6037C601-55B2-4AD7-8C92-9B0F0A894CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{603CAD2D-429F-48BD-972F-1427FE3BECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68F918A2-F7F4-4741-B0E4-E9ED7A997011}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87198B0D-E93E-4E80-9499-415A95ABEFA2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F5BAC88-D2C2-4C28-8DCF-6624F56C12A4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{99111059-5DAD-483B-B5CC-0B5DA5EC3AA3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE0A8CBB-3BC7-4A5C-9317-740151C2675F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1563398-039F-4A23-BF87-E0B177F26DA1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CD05E012-345A-4BE8-BE12-5CFC1A514F17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CE64A1AB-6E74-4368-A3D1-371E0BC8249F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D7062837-CB90-40C3-BF61-09DB7C665F13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E73EE358-F6C8-4C23-98D7-75F05B954C59}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC97A9-1044-49D6-A8B8-4AD5CA24548B}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe | 
"{034EA0EA-15EC-4713-A7BE-6C56F5F19624}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe | 
"{03824658-E6E2-4F3C-B88E-902F32CD7C42}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe | 
"{065276C8-0B29-4943-8CB0-9CF77252DA4A}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe | 
"{074D4541-AAA1-46DC-89AE-D14B0636323F}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{08B29CBC-2EA3-4CDD-B0CD-1C2EB1B5F6DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A8E9838-8429-46FE-8CAC-A2F0E892E18C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0E1CB3BE-3C2D-43B5-8BAC-BEBF14BB994D}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe | 
"{0E96AD09-83A9-48EF-8A97-9087BF8B7877}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe | 
"{114EDCEE-9B6A-44DC-9F32-8B3A1E6FD820}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe | 
"{13EDB007-FEF7-4A32-8721-8ED09F72BF2C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{1589933C-91E3-46F7-A405-DB97CEC695BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\hell yeah\hellyeah.exe | 
"{196B796F-1855-4D67-AFBC-1718487CF7A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{19F103EA-469D-41BB-A840-25C00327DAF7}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{1C336387-FD25-4C99-AF75-D9D00D20C212}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{1D0D58FE-8761-42B7-AF86-97D32002356B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{1D4A32D1-8E88-435F-854F-D7065144712B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{204FA3F0-2C5B-4AB6-8EA9-64CF95936255}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{2458B340-DF35-4331-B311-ACA81B79CBD6}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{24E1908C-3BC4-4352-AE78-A3F45EF5604C}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe | 
"{29A5FDAB-E5BC-43EA-87A6-0553AB99928B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{29A73764-3868-4BAF-9323-24C4095D1265}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe | 
"{2C9F2368-E4E1-48D8-B681-D8C4DB5B3441}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{2EAE3536-12C1-4A89-B538-1FFDD514460D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe | 
"{34378499-5CEA-43E9-9F40-606224B0E0FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{34901DEE-A30A-480A-8DAD-F3B09492F62A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{35AFC599-C634-4421-A07F-4FBE4A800186}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38EB59C9-F2B5-4DCD-A006-FA584382D73F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3ABB0BF7-AFFB-41AA-A673-313B3D348D22}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe | 
"{3CB0939E-632A-44AD-857E-5BAA9E7DB73F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{3E483AB0-C0A9-4216-851C-1989F8AA8DD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{41074FE4-A061-4ED9-8BB0-FCBF3DDC02AB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{42EBE8E2-DD81-4A05-A17E-97BA119788F3}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{450D6BC3-A6D2-45D7-85E5-3B1BDF7F765F}" = protocol=6 | dir=out | app=system | 
"{4731A120-FF47-4E01-8BC4-6063788FFE4C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe | 
"{4799BCAD-3746-47EA-BD7E-428AD71AF188}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{4D2B2A59-43D9-46E6-A9AC-149009BDE9F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe | 
"{4F84E32B-BD66-489A-8B39-B5D04F7E7771}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\crimecraft\steamlauncher.exe | 
"{51C255D0-C33E-4323-864B-C6A6D9B89581}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{52823517-651C-456A-9164-D84048B69631}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe | 
"{54D5AC0A-D788-4759-8D36-62799DD0F67D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57463554-8171-42E1-A198-5E8C285AFA15}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{57BD2394-52C6-459E-B3CE-2BED1EA18A7E}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{58683A6E-F45B-462F-B8DF-A63DB020BD2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5A603016-DD13-464B-B423-EA44763351C1}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat | 
"{5CC6B97A-E0FA-428E-BD5E-7C56EDF110D9}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light enter the metro teaser \smp.exe | 
"{60F8EFA2-59E9-40DD-BC28-9E433FBC2F4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67E7AB61-7257-443D-AC64-8E15B88A0ABA}" = protocol=6 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B53DDB6-8DDC-455B-A270-E9AF610E32A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AD076F7-2189-4680-A788-37B5832183A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7EC169F4-29AB-4504-A0CC-3133583A1EC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80CFFBB7-911D-4A9F-86FB-BDBB9586A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{84A916FD-511C-4E9E-B665-5B4BDCC0F4F2}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe | 
"{85247B4F-F44C-4CFD-BB0D-54D25B62DF18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86A3EA29-C803-428C-BE37-6BFE1A1A9280}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{8A19CC0D-20B7-47F3-8386-103530C13402}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\farcry\bin32\farcry.exe | 
"{8BFED094-135D-47BA-A95E-C8D4CBA3FDEA}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\camerabag 2\camerabag 2.exe | 
"{8E16E3A7-6091-4ACE-A43F-97C988CE5D24}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{9230FE4E-EB73-43F3-8830-79D109EC8151}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe | 
"{92766F9D-07D8-4E4D-BDD7-98FCA29981F8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe | 
"{937751A1-B3E3-4F5F-BCFD-02555D97B3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AA8775A-B12D-41BE-858D-0B73480453CE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe | 
"{9BA55D57-F796-4328-87B9-5A14EB7BFEF1}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe | 
"{9C12345E-7506-4FCD-B388-DB06A6A78826}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 demo trailer\smp.exe | 
"{9DDA1620-300E-43FE-8A8D-9ED4E1F88675}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe | 
"{9EFBF356-6798-430F-90BF-1362F483C089}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\planetside 2\launchpad.exe | 
"{9F5795BA-9B2B-4636-8A94-658C08F79BEB}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe | 
"{A019B2A6-B6B9-4C2A-A4F7-E92A91BF3105}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A73AEB97-7971-403D-B953-90D6D6D81FC2}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light e3 walkthrough trailer uk\smp.exe | 
"{B0691EC9-7F09-4294-873E-B8EC7AC08CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{B25A74D3-058E-42EB-940B-813FEED79BDE}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\portal 2\portal2.exe | 
"{B3C09AE2-9498-4217-9695-4F172BE504E4}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro 2033\metro2033.exe | 
"{B3E08893-0775-49FB-AEB0-262DD76E712A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B644451C-6D78-4402-9DEF-113ACBAF8597}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{B760BE85-4423-46A1-85FC-1313508AB57F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{B8219290-2744-4635-813A-98CAC2DBEC13}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\warincbattlezone\rsupdate.exe | 
"{B8420332-0693-4C35-B7FA-892E5CA089DA}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\qube\binaries\win32\qube.exe | 
"{B9B1B8BA-2D95-4368-889A-933B9582C51C}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steam.exe | 
"{BDA2268A-A376-480B-9F3B-6A93EB4E76BF}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BDB4308B-8BA3-4E08-B054-98D76BEF6FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{C009661E-1C8D-4051-B31E-CBF8A11A79AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{C1C4A689-2E4E-4C17-B27D-AB6553173865}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C36AF29B-70F4-4452-A8E8-AF409BA43799}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{C3700B4E-A6C1-467D-9BF6-4290CC285295}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\runlauncher.bat | 
"{C6AF522A-5431-4ACC-A79C-3E5340635994}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{C9C26E99-F066-4719-965B-69533C77F328}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{CA7CDCD9-DDCB-4BBD-925A-2F7D122BFEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{CAAFB741-B900-4BEF-9A3C-1DD7F7D79E4D}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\microsoft flight\flight.exe | 
"{CB9BC41E-97B3-4EE4-92CA-9ABED9F04457}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\audiosurf\engine\questviewer.exe | 
"{CB9D580C-7743-4EC6-A787-9C1C1F568B66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CC2A9358-6F22-4010-9A89-72EB98243142}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light teaser trailer\smp.exe | 
"{CD12063E-3A8D-4922-A73F-FC2ED4250A8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CE2520BC-C012-426D-AC91-626EE16B7E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D530C5C4-AF60-4291-9930-C8BB5A3DF1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6C24D9F-08CB-4896-B086-999BA011CB28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6D32F6E-7F14-4627-88CE-6251325CF5E8}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{DD351889-6709-469F-9475-888762BCD803}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\fallen earth f2p\feupdater.exe | 
"{DDC8B000-68AD-4961-B310-04F469C5FE22}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{E014BCCE-4E00-4298-8175-A36201445553}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\dxhrml\dxhrml.exe | 
"{E61EE88F-B237-4AD1-A6DA-DF1D73AFDAEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EDFDA0DE-B54F-4A09-B724-E3E1F1A2B170}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{EFF71173-3810-46F0-89E3-1F2EB9BDCC9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F04E3C45-E53F-4CEC-BF2F-DB8ADF3FA4DC}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\just cause 2\justcause2.exe | 
"{F59ABE4E-84BE-4240-B586-CA1FB95EF765}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{FAF2ED6D-8037-40C4-BDD2-430312E54A8E}" = protocol=17 | dir=in | app=c:\users\oxomoxo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FB2F82B8-DA2E-44F3-96F8-340ECB97C5E0}" = protocol=6 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\metro last light short film germany\smp.exe | 
"{FB3A49CB-D3DC-4DAE-AB27-7CCA5038C185}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FBE69E48-0B7C-492E-B11A-72FC1B89CA0F}" = protocol=17 | dir=in | app=d:\s t e a m - s p i e l e\steamapps\common\ava\reactor.exe | 
"TCP Query User{5088C0B5-6189-41F2-9F74-0EBF6F1233E7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{E21B7AA9-140A-44BD-A5F1-F74A6136AC08}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.30
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-65fdd504-e7d5-463d-b80d-d2087eb2a27b" = My Game Long Name
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFAA49C-2B1D-4808-B43A-4AAFF0475B04}" = Plus Pack für Acronis True Image Home 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"A2ACR Data cache removal" = ARMA 2 Army of The Czech Republic - Data cache removal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"Anti-Twin 2011-07-23 03.08.03" = Anti-Twin (Installation 23.07.2011)
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Endless City" = NVIDIA Endless City demo
"ESN Sonar-0.70.0" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"Free Studio_is1" = Free Studio version 5.7.7.1031
"FreePDF_XP" = FreePDF (Remove only)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"ITN Converter_is1" = ITN Converter 1.78
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neolog_is1" = Neolog 1.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"PreSonus Studio One 2" = PreSonus Studio One 2
"PS3 Media Server" = PS3 Media Server
"Steam App 100410" = CameraBag 2
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 107900" = War Inc. Battlezone
"Steam App 113420" = Fallen Earth
"Steam App 12900" = Audiosurf
"Steam App 13140" = America's Army 3
"Steam App 13520" = Far Cry
"Steam App 17410" = Mirror's Edge
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 203850" = Microsoft Flight
"Steam App 205230" = Hell Yeah!
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 214850" = GameMaker: Studio
"Steam App 218230" = PlanetSide 2
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 221080" = District 187
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38830" = CrimeCraft GangWars
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Winamp" = Winamp
"XnView_is1" = XnView 1.99.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 05.10.2012 07:26:56 | Computer Name = OXOMOXO-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 05.10.2012 09:06:40 | Computer Name = OXOMOXO-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 05.10.2012 10:02:47 | Computer Name = OXOMOXO-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17e8    Startzeit: 01cda2ec7cffb0ca    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE    Berichts-ID: 45d058fa-0ef5-11e2-b2d6-e0cb4e977cc1

 
Error - 05.10.2012 11:16:28 | Computer Name = OXOMOXO-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2a44    Startzeit: 01cda3021950b90c    Endzeit: 10    Anwendungspfad:
 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE    Berichts-ID: 95704d03-0eff-11e2-b2d6-e0cb4e977cc1

 
[ Media Center Events ]
Error - 22.07.2011 18:23:40 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 00:23:39 - Fehler beim Herstellen der Internetverbindung.  00:23:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 18:25:48 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 00:23:50 - Fehler beim Herstellen der Internetverbindung.  00:23:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 19:25:51 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 01:25:51 - Fehler beim Herstellen der Internetverbindung.  01:25:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 19:26:00 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 01:25:56 - Fehler beim Herstellen der Internetverbindung.  01:25:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 20:26:02 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 02:26:02 - Fehler beim Herstellen der Internetverbindung.  02:26:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 20:26:08 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 02:26:07 - Fehler beim Herstellen der Internetverbindung.  02:26:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 21:26:20 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 03:26:20 - Fehler beim Herstellen der Internetverbindung.  03:26:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2011 21:26:29 | Computer Name = OXOMOXO-PC | Source = MCUpdate | ID = 0
Description = 03:26:25 - Fehler beim Herstellen der Internetverbindung.  03:26:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 19.03.2013 08:10:39 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 19.03.2013 08:13:59 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 19.03.2013 16:30:21 | Computer Name = OXOMOXO-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.03.2013 08:57:47 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 20.03.2013 19:33:59 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.03.2013 11:03:13 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.03.2013 11:15:57 | Computer Name = OXOMOXO-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.03.2013 11:17:12 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.03.2013 11:27:03 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 21.03.2013 11:27:25 | Computer Name = OXOMOXO-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
Step 3: GMER
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-21 20:00:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 OCZ-VERTEX4 rev.1.3 119,24GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\OXOMOXO\AppData\Local\Temp\uxliyfoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                           fffff96000103c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                       fffff96000103c08 3 bytes [C0, 06, 02]
.text  ...                                                                                                                                       * 110
.text  C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432                                                                                 fffff960001bb878 8 bytes [00, 98, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!BRUSHOBJ_hGetColorTransform + 468                                                                          fffff960001bba88 8 bytes [D0, 98, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngReleaseFastMutex + 8                                                                                    fffff960001bc538 8 bytes [D8, A7, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetLastError + 792                                                                                      fffff960001bc8d8 8 bytes [BC, 9E, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngQueryPerformanceFrequency + 8                                                                           fffff960001bce08 8 bytes [B0, 99, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngFreeSectionMem + 76                                                                                     fffff960001bcf28 8 bytes [E4, B0, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398                                                                                  fffff960001c291a 6 bytes {JMP QWORD [RIP-0x17aa38]}
.text  C:\Windows\System32\win32k.sys!EngCreateBitmap + 44                                                                                       fffff960001c4448 8 bytes [E0, 9B, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCTGetCurrentGamma + 40                                                                                  fffff960001c8d98 8 bytes [60, 9A, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCreateRectRgn + 48                                                                                      fffff960001ccfc8 8 bytes [F8, 9F, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304                                                                                 fffff960001cd8c8 8 bytes [1C, A1, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCreateDriverObj + 164                                                                                   fffff960001e7878 8 bytes [E4, AB, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngUnlockDriverObj + 44                                                                                    fffff960001e78d8 8 bytes [78, 9F, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16                                                                                 fffff960001fe118 8 bytes {CALL QWORD [RAX+0x36aaa6c]}
.text  C:\Windows\System32\win32k.sys!EngUnmapFile + 944                                                                                         fffff960001fe7e8 8 bytes [D4, A3, 6A, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetPrinterDataFileName + 8                                                                              fffff960001fe7f8 8 bytes [E0, A2, 6A, 03, 80, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                00000000766b1465 2 bytes [6B, 76]
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155               00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey         00000000773afa88 5 bytes JMP 0000000172a2139e
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  00000000773b0018 5 bytes JMP 0000000172a21a54
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                   0000000072671a22 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                   0000000072671ad0 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                   0000000072671b08 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                   0000000072671bba 2 bytes [67, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                   0000000072671bda 2 bytes [67, 72]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69              00000000766b1465 2 bytes [6B, 76]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155             00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe[3176] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                    00000000766b1465 2 bytes [6B, 76]
.text  C:\Users\OXOMOXO\AppData\Roaming\Dropbox\bin\Dropbox.exe[3176] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                   00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000766b1465 2 bytes [6B, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000766b14bb 2 bytes [6B, 76]
.text  ...                                                                                                                                       * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158341bdb3                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                       0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                       0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0xC9 0x70 0xB6 0x66 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                           0x29 0x83 0xEB 0x1B ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0x22 0x3D 0x7C 0xF1 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158341bdb3 (not active ControlSet)                                           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                      
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                           C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                           0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                           0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0xC9 0x70 0xB6 0x66 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                               0x29 0x83 0xEB 0x1B ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                        
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0x22 0x3D 0x7C 0xF1 ...

---- EOF - GMER 2.1 ----
         

 
