|
Plagegeister aller Art und deren Bekämpfung: Delta SearchWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.02.2013, 16:32 | #1 |
| Delta Search Hallo Zusammen, Ich bin neu hier auf dem Forum neu und weiß auch nicht so genau wie das hier alles geht, habe aber trotzdem folgendes Problem: Normalerweise habe ich bei meinem Browser (Chrome) wenn ich einen neuen Tab öffne mehrere Optionen um schnell zu bestimmten häufig benutzten Internetseiten zu gelangen. Aber seit geraumer Zeit öffnet sich dann eine Seite, welche sich "delta-search" nennt. Daraufhin habe ich den begriff gegoogelt und bin dadurch auf diese Seite gelangt. In einem Beitrag hier auf der Seite habe ich dann gesehen, dass es tatsächlich eine Bedrohung ist und nicht nur eine falsche Einstellung (wenn ich das nicht falsch verstanden habe ). Da ich wenig Ahnung von sowas habe kann ich auch nur wenige Informationen geben. Ich hab Windows 7 der Link der sich in dem neuen Tab öffnet ist folgender: hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=NT_ss&mntrId=d0c9404b000000000000bcaec51fc960 Kann mir vielleicht jemand sagen ob das gefährlich ist und wenn ja wie ich es loswerde(auch wenn nein -.-)? |
17.02.2013, 17:28 | #2 |
/// Malware-holic | Delta Search hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
17.02.2013, 18:44 | #3 |
| Delta Search Extra.txt :OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 17.02.2013 18:20:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,32% Memory free 8,36 Gb Paging File | 6,18 Gb Available in Paging File | 73,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 14,04 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 245,18 Gb Free Space | 62,77% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 778,81 Gb Free Space | 83,61% Space Free | Partition Type: NTFS Drive I: | 7,26 Gb Total Space | 0,12 Gb Free Space | 1,68% Space Free | Partition Type: FAT32 Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0004D1D4-7C1D-439A-9AC2-73BADBF4BABE}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{02EC4184-1D8D-4721-B107-84BCEED9E38D}" = lport=6883 | protocol=17 | dir=in | name=league of legends launcher | "{0F9C5222-A2CB-45CE-A81A-6F347A4AC8C3}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{101716D3-F6E2-4451-ACDB-AC6F538A4D96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{13AD776D-FF48-407E-9BCB-16A2B0811D41}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{1A3A62F1-75BE-4E40-8D0B-D874DEB4DD3F}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{1BF2F4DD-D86A-4B66-B947-C41EA1857679}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{1D494022-49A7-43D9-90C9-8B07562F5726}" = lport=445 | protocol=6 | dir=in | app=system | "{1D6AE5F7-FBF6-487B-8FBB-8B36032E715C}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{1DB4B824-1C3E-4CFC-84FA-83675FD0B896}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{211E6D07-3E65-4F57-9CA6-1EB2A808D35A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{269A2751-ABC6-4F73-9F3F-1571FF843172}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{3389899B-924D-4462-AB99-9840098CB0F1}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{39EE4BF7-CEC0-4544-ACA4-E2CCD2EE00CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{402BD922-BCD0-432B-9457-54D7674073DF}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{403C6378-3526-421C-9A58-87985E6C5F36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{42F97396-329F-4396-9BB5-7B4D336FA343}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4356454A-562F-489C-9B94-9EB6F5F6E802}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A77A798-8E0B-49C9-9032-E0BBC70C65B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F0E567E-10F9-4817-8A5F-01D2915D92DE}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{4F913FBF-70E4-438B-8798-55D6E03E5844}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{55C15EF0-B7C4-40D9-AB55-CEC1524261AE}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{565302E7-50B5-47A0-B958-78C962BC6B4A}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{5BB57A53-C30D-4A42-950F-072CC8E36515}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5E671F99-7A67-44E5-92B7-47DEB0043494}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{5EE1EE5F-F15C-47A2-B1D8-B9345E570AD9}" = rport=138 | protocol=17 | dir=out | app=system | "{5FC4901E-3E89-43E3-9447-48328B157119}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface | "{6AF57DE6-BEB0-404C-ABCF-4FF9ADF10766}" = rport=445 | protocol=6 | dir=out | app=system | "{6B4162F7-9FDA-4756-B403-C51CCCBD6102}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{6EAB66C3-9236-4B86-BF37-C95E56AC9B2A}" = lport=6883 | protocol=6 | dir=in | name=league of legends launcher | "{72EC5A5F-1734-49BC-9A5C-339D864413CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{73468179-96AC-4FE4-8529-80DFF9EDF8CB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{77A83711-2A5F-4881-8612-0AE6DD66A55B}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher | "{828AE39E-73B1-45D9-BA00-F13AECE909EF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{844BE3CC-131E-4390-BACD-DDA785B1277C}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{85BE460C-EE1D-4E63-AF47-85EA91191709}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{8D2E9C12-417E-4803-8848-33A742E568BB}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | "{8DA38AB9-C7FF-4E1E-B320-108ED6F72F06}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{8F72FE1E-C1B0-4D63-AF84-C48D656EE208}" = rport=139 | protocol=6 | dir=out | app=system | "{92276009-1EDC-4208-9625-312EF3106E70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{94490359-077B-45D2-93CB-1FC0FFDAF1CE}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{99E15819-2E57-44E2-91BD-FD422B13431C}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{9F8FCA73-C74A-4B77-B807-4F64634658C9}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{A70200DA-CBDC-4D01-9EA9-FE26692B2254}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{A723A777-6730-4EC7-A270-476F0A337794}" = lport=138 | protocol=17 | dir=in | app=system | "{A9DA389D-E390-4D60-9A52-A2ACAC0A14CC}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{AB4E21BE-ADC7-4084-8972-88AEB87227F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{B81A208B-7E52-4C40-B6A5-9F98CC77A777}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BCBF06F4-3B83-4345-90E9-31E97D4819DD}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{C19FA696-06B4-4E67-AE79-B739B552CAE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C247F239-EE02-4BE9-9DDD-3ED2F4238D53}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C29E5065-C628-43CC-9BA6-D5787355FB1C}" = lport=137 | protocol=17 | dir=in | app=system | "{C60F6142-3146-4DAD-A7FA-B0A827356E1C}" = lport=12346 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{CB53453D-9A69-42EC-8A73-E3F5477AEA4D}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{D0050D77-1CDD-44DC-887A-E76CDC913423}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{D0B29A25-9ED4-4AA8-9813-79B3A627ADCF}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{D51EF82A-AC47-4379-8256-02FB222E137D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D93A9DD6-DBAA-42ED-980F-B23D45275136}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DA59523C-DE3E-4158-9B17-34530DF699C6}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{DE1DC2E5-7BD5-4B96-8C30-5D1EB9554553}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher | "{DE517CF6-DC49-4A66-85B1-BCD40511EF22}" = lport=2869 | protocol=6 | dir=in | app=system | "{E0EEA43C-9E6E-46B1-9856-EA03C55ED970}" = lport=139 | protocol=6 | dir=in | app=system | "{E7251563-B0BE-4380-B774-2F7A90CBC080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E88827D8-A6DE-4645-A31C-12308E3CBE01}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{E88A4404-0D01-4DA1-A840-4E57B9F8D157}" = rport=137 | protocol=17 | dir=out | app=system | "{EA5DDB95-A75F-4C61-9356-528B7AED3AA9}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlanwlancfg\dlanwlancfg.exe | "{EC937532-23CB-40C8-ADD3-ED4596CBC9D4}" = lport=10243 | protocol=6 | dir=in | app=system | "{EE7D1491-1032-433A-B1FD-2640F5EB648D}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher | "{F05CB8C4-DC42-4E06-AC72-420F5F933059}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{F19AA354-9BDA-49FB-9B77-DA79D05A311D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2E703D7-CB72-42E9-A4D1-7B555225AD87}" = rport=10243 | protocol=6 | dir=out | app=system | "{F5B52E19-E1D4-43EE-9D81-0824B9BF153D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FB4C8005-FA4B-4084-A149-9CE1BD7CB5D8}" = lport=12345 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\easyshare\easyshare.exe | "{FD98167C-5751-4784-AD3C-16F5E9BDCB4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002E230E-9F97-41FF-B43B-9D7CB5EC0C79}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{01BD3913-61EF-4E58-8E44-585B6641DA6E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{07623436-2967-4A9C-9353-860640B4D2C8}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{092655B3-5159-4DD2-ABA9-5776845783FF}" = protocol=17 | dir=in | app=d:\game\league of legends.exe | "{0B7C7E2C-A8C7-4409-AB51-4F25CE096FA1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{0C3694CD-3F02-40F0-818C-8A3D22C8CA28}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{0F9DC20A-BCCE-48EA-A3C6-11C05573539B}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3.exe | "{12FDC3AD-E32E-41CE-8260-D1802C24D03F}" = protocol=6 | dir=in | app=h:\farcry 3\bin\fc3updater.exe | "{16BBEC4E-B174-4E8A-BB3E-DCB81EA55CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1A93A7E6-B7D9-4063-BEE1-1147BC45B6C2}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{1B40CE28-F164-419A-93A5-1884FD309BD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1BC10F23-CB84-4D6D-B005-67DEEE8262A1}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6sp.exe | "{1C3905D5-B65A-49B1-B5E9-3578BF4814BF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{1D5A4EC0-3125-4F15-8848-110E00BDD09C}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{1E4CA50A-7488-4CBC-9589-24C33785A288}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1F8539C1-3EB1-4FD3-B335-311EA68B285B}" = protocol=17 | dir=in | app=h:\farcry 3\bin\fc3updater.exe | "{2073E85E-564B-4BB6-AB22-2D9B80B4AD2B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{239AFFEB-533B-430A-9C12-A1B220F861D9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2794F90A-8322-4052-8B05-052E417BE332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{29719B45-904A-4A0C-96CE-BD567B84A50A}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\dota 2 beta\dota.exe | "{29F85232-5526-4552-AFB6-D82EC03BD7F2}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty world at war\codwawmp.exe | "{2B5CDDBD-8C70-42A5-AAB9-7A7981CFC8DD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{2BC269E3-6B05-4879-9974-D56B9C6E8945}" = protocol=6 | dir=in | app=c:\users\timo\appdata\local\akamai\netsession_win.exe | "{2C111A5D-DD65-4754-BBB3-B84E57E04A30}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3y.exe | "{37E331AA-41B9-4B22-9665-56B87813C7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{39ACF639-8871-43DB-8BB2-61DBE6AEC45D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{3A2753E1-F029-4300-ACE6-B41F3A7697A2}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{3B789C75-8743-444D-BA36-9CBF5A5988BC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{3D040046-9A57-4835-8A18-151810ECBE09}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3y.exe | "{3D853FA6-5498-4BB0-B908-D387798E617D}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{3E7DF919-47C4-4749-9646-2EC06934F484}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty world at war\codwaw.exe | "{40769E4C-B275-4877-ADF1-0B95F176A77C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\thestriker1997\counter-strike source\hl2.exe | "{40D0165B-1D2D-4692-8F03-E080524B471D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{410BEEFB-EF12-4B55-8CB2-74A76146F87B}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{442B7058-2FF0-4468-93C5-A2B4E3554D02}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{476972F8-E735-468F-9B6A-85E945F02E89}" = protocol=17 | dir=in | app=h:\farcry 3\bin\fc3editor.exe | "{49EC5A3E-D083-4957-AB58-DD420C1538C6}" = protocol=6 | dir=in | app=c:\program files (x86)\slysoft\game jackal v4\commandcenter.exe | "{4B5586F1-2E50-4F4A-B24C-D5B7915760C4}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{4BA5D6D8-7E09-40DC-A77C-57C337C70759}" = protocol=17 | dir=in | app=c:\program files (x86)\slysoft\game jackal v4\commandcenter.exe | "{50018CC4-C3DC-40D4-9438-68D55DF2B23E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{524C8A17-EA50-44A8-B75C-34720B05F352}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | "{530EDF21-4F2D-4BF1-BAAD-CBFB09762E58}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{539634BA-D093-4D41-94FF-858AEEFCC8F4}" = protocol=17 | dir=in | app=c:\users\timo\appdata\local\akamai\netsession_win.exe | "{544552D9-32E0-400D-985C-7F38E088D587}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{5619D2D6-C260-4D69-B237-0C7E0280E5AE}" = protocol=6 | dir=out | app=system | "{578C7233-C89F-4CE1-88BA-FCD39C490B50}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty 4\iw3mp.exe | "{58A6CA9B-8C0B-456E-BA99-3D1E1E73BC1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{5A3FE028-00DA-43F6-BBE1-A5F179C482F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{5A4931F4-4AC5-413C-8AC6-A1ACE0EA3249}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{5A537A8E-EE75-4175-920A-39FFB9DC9A0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5C246CE8-C4BD-4637-BDD6-E2710ECF3B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5C947677-9EEB-4233-BF3D-40ACC2F93C17}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\the binding of isaac\isaac.exe | "{5E2A7ED8-3513-4E51-9F25-82C857B7862E}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{5E3D637B-38B6-4495-8BF8-E022C59DCBB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5F3372B9-0BAB-474A-88D8-14F9D69A4D5F}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\dota 2 beta\dota.exe | "{5F4D6E9B-FB63-42B7-8CF1-A5838B4455AC}" = dir=in | app=c:\brickforce\brickforce.exe | "{5F9B5734-1B54-4F05-AA07-11AC18E4DAE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6072C6E7-EFCD-43F6-B8BD-93A152B9D2F9}" = protocol=6 | dir=in | app=h:\farcry 3\bin\fc3editor.exe | "{60838268-C4D3-4B60-B87B-93986FA7804D}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty 4\iw3sp.exe | "{61D4B963-B7B2-41A1-8874-8B9B975F0871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{62FDF750-73E8-4E49-B0C7-7A225853FB49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{63F58072-2D93-468F-977C-AD6530977BA2}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty world at war\codwaw.exe | "{64554E4A-52C6-4A7E-AB00-BF9C0E26798B}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{64825BEB-FE3A-4DDC-A945-237E197E400E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{6567E03E-48D3-4089-8646-7CD453C7740C}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | "{67DD1B56-FEF1-459F-8AF9-B5E714FA11F4}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6mp.exe | "{6806AC9E-3948-4E37-98AE-DB50FA96D155}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\portal 2\portal2.exe | "{68446B68-F901-40F5-A2CB-BA646EEC5DDE}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6zm.exe | "{68EAF1DC-C73C-4E99-AC3F-00E1586B4BAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6967B7B3-678D-4A4E-BA78-B5B139E484F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{69EE826F-C7BB-45AE-9F47-755B11AE7136}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3.exe | "{6B8ED52B-4256-40F9-A1F7-94EE0F00CCF8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6FF930D1-5AAB-4E6E-9DB7-260E7DE57826}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{71DEFA50-3FD9-42D5-A14C-94D13D92BD6A}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe | "{72807F1E-C848-451F-819A-066C6A41DB38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{76627BB7-1506-4569-9C31-86B0A23A32EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{774D9322-BA59-43E6-A77A-4F65569FB87A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{78800C86-7CB9-4628-A0FC-BF512C6FC699}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{7BFC45E7-ACFD-46DB-93AB-C5F68AC6A7F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | "{7D3F0EB3-6AC6-4030-9D46-04873452CF52}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | "{7E6B2EA6-C78F-4717-B431-D62399EE3CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{7EB06DF8-7DA9-479B-91A0-4D95814D1DF0}" = protocol=6 | dir=in | app=d:\game\league of legends.exe | "{8076BB8F-F01F-471E-95A4-CA64F48D6C32}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6zm.exe | "{810DAC34-8984-4E2A-95B1-FF2DA105DBDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{813ED54C-512B-4D79-8CF0-CF8787AB0192}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\left 4 dead 2\left4dead2.exe | "{820C40BD-A7CB-45D8-A92B-1E1BA02F42AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\thestriker1997\counter-strike source\hl2.exe | "{82D840D7-2F80-4242-A32D-7FEFE4A068BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8346F1CB-254C-4ECE-8B71-0A1C0D2B970B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{848CE9FB-8D98-43D1-8C5B-52301B3D7419}" = dir=in | app=c:\brickforce\bflauncher.exe | "{8A2AF7E2-D715-4E09-9DA1-DCBEF95EC1FF}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{8A39F2FF-3672-4DA8-8EEB-D7A0851DB953}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty 4\iw3mp.exe | "{8A913AEA-6D91-4023-A793-E1F1A110B3D9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{8F10CF53-3C3E-4343-8359-83A82901E42B}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | "{8F3353F0-D5E9-4C5A-9EDE-4AAD40C99470}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3x.exe | "{9115D582-F1CF-4C45-9064-F07DC80CB3AF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{93E7B15A-43B0-4CE4-B96A-DD93FA033E6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{94918DDD-6672-48D6-ACAE-7588D3DF9AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{95AA44A8-33B0-4106-AFDE-78DD2ECBFCA2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{98F792E9-3199-45F4-94A9-4D5531D02B98}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6sp.exe | "{99987E01-C4AD-43DC-9E49-9A56EAD6D855}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\skyrim\skyrimlauncher.exe | "{9B657894-5C5D-4CE8-9DF2-E10935BF9695}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\magicka\magicka.exe | "{9E7847A7-8949-4B26-B639-28C45EA2EFB5}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty world at war\codwawmp.exe | "{A2FF97BA-347F-4EED-AE8E-EE2BDDE9DF9B}" = dir=in | app=c:\program files\eslwire\wire.exe | "{A3ADDEC6-1451-4C35-AC28-D492B30100E6}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{A448823B-8A3E-4EE2-ACAD-323B97D72C58}" = protocol=6 | dir=in | app=h:\steam2\steam.exe | "{A762AFDD-12BD-4C97-A027-F71AA409E454}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | "{A81EAA5B-D076-4167-A58A-B4CC2BD0497E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9D93C0B-9298-493E-BADD-BB85FFB797D2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{AF0D3397-EFB9-4FF8-AAB7-1D6E8A7D7BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{AF73930B-7E78-4676-B403-37B0248C2999}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\dustforce\dustforce.exe | "{B0778CE6-72C8-4563-A330-9A191F841D32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B0951123-08EB-4E92-8051-EDBC98C8FEB9}" = protocol=17 | dir=in | app=d:\air\lolclient.exe | "{B12E7812-F963-4967-8079-35F5D5C94E18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{B1F5F16C-ECC9-44F2-959C-729B9589A323}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | "{B4EB7B6A-C576-4946-BB4B-B2AEE6B62233}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{B5608B40-8832-44F0-9855-D510A4C9147C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{B63E5109-3F9B-443D-8EBD-58CE45533CC9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B88E59D7-AAFA-4947-BD42-1291706814A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B8A3276B-CA35-4276-831A-CC840E025FDA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BC617229-D0DC-4D65-85F9-5E5B16B2FEFD}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\portal 2\portal2.exe | "{BD57D1FA-3583-4F5A-95B3-5605A3A2A311}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BD86C6F2-3B42-4608-9AF1-24C4EA04C886}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{BDAADDAE-2599-43A2-A4A6-0D8DBD951F50}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\left 4 dead 2\left4dead2.exe | "{BE0754A4-8169-43D5-8E9C-BC85F7288451}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BF006B58-96DF-4C85-AC5F-41A1D8BFE618}" = dir=out | app=c:\program files\eslwire\wire.exe | "{BFF6D32E-A789-402C-8C2C-D132CE3B4467}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\magicka\magicka.exe | "{BFFB676F-1A03-4B15-BBD0-106C31AE98AD}" = protocol=6 | dir=in | app=d:\air\lolclient.exe | "{C200A738-2BE5-4594-A605-3EEAC7CC3620}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\skyrim\skyrimlauncher.exe | "{C5F6F5CF-3742-448B-9A65-5F809E7878B0}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\dustforce\dustforce.exe | "{C6BC24BC-158D-4E77-A63D-115BA0624F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{C7A375CF-72CA-4E9F-B9CA-A4118EE94791}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\batman2\runlauncher.bat | "{C8437489-7E2D-485A-A242-C8E74463518E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8CD0971-DE01-4E57-99B5-BCF1B9641982}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe | "{C95486CC-1703-427F-960A-3A2E9E1D81ED}" = protocol=17 | dir=in | app=h:\steam2\steam.exe | "{CA1FC3BD-4485-4186-AE1F-A43D436DD12B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{CAECC075-FDBB-48B9-AB89-9485A58723C9}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{CC6D5C51-9210-43B1-B2ED-426B06082DE0}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{CDA1A1C9-E6AA-4562-B711-0CE5D26106F5}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\batman2\runlauncher.bat | "{CE49F1E1-4326-4455-B9ED-E063C18C2666}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\batman2\binaries\win32\batmanac.exe | "{CEE0EF52-0C4A-409F-A9C1-D2EF27D6BCF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CFFF4F33-86D6-405D-A8C2-42B314125F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D0013C59-25C7-40DE-A9AC-DD5A1762DACA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{D063651B-EFB6-46C5-88EA-7E35C1DB6D02}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{D125FBDE-4548-423E-ACD8-7E77BC3BB0C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D1BFE911-D760-4D0C-9996-519050FD8E8D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D58033CE-3FD9-4323-9B7B-44EC2074B810}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D608CBD2-78FD-439D-B718-BCD9795A0DD6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DAE24800-C4C3-4B51-85BE-3B8DBA7F833C}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3.exe | "{DCC57CAA-AE07-49F2-9DE7-294F41F4C060}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\the binding of isaac\isaac.exe | "{DDA228EA-167D-4080-BE75-D51C35CE63D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DE45F69D-3287-467C-ABDC-A75BECDED052}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DE806A31-ADB8-47FF-A2F6-FA09617CA349}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{DFB654C5-4A52-41CD-ABAD-729674B383CB}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3.exe | "{DFD14552-1A3C-42C5-BA0D-304BF9469CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | "{DFD59F54-D1A6-4331-B25F-7236520CBCEC}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty 4\iw3sp.exe | "{E0F4DC0D-6DFF-4522-84CC-3BB0A171B169}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6mp.exe | "{E31689B6-31D0-4584-826A-3709B8A8937A}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{E6F8DFE2-85CA-4CF0-A647-FE373FFB9144}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{E79826AC-12BC-4947-B488-1B0FCBAD5C2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8D6C0CB-621C-49D8-AD07-86202B0724B6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{EDACF077-CFDA-4BF0-9A13-BBB8111B4040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F2D0C6F6-4B34-44AF-9874-EE912F83F73A}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{F3AB6CEE-413A-4C89-B668-3D631BB4C644}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{F3E49DAC-DC36-4CB2-83A1-2B3FADCA8BE1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F5B765E1-49A5-4655-96AD-A5DFD8185D2A}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | "{F9F35AD3-575A-45F8-B2B7-B0108C803977}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | "{FA3C3030-0FA5-4DB9-B0B5-D3A18F7864AF}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3x.exe | "{FB5C57A7-C87C-4B0C-A4BE-5334BB018250}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | "{FD20FF76-9F44-4666-A781-FB0745AE7F7D}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\batman2\binaries\win32\batmanac.exe | "TCP Query User{0469A7CB-6C31-4D50-A4FA-10B3C198A93B}D:\spiele\lol\lol.launcher.exe" = protocol=6 | dir=in | app=d:\spiele\lol\lol.launcher.exe | "TCP Query User{119DCA6D-6BB6-4832-B1F3-631ED61D4ABA}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe | "TCP Query User{11FF2CE5-3F11-4EDE-A4CA-C3C62A652BF0}D:\spiele\d3e\b-dead2\deadspace2.exe" = protocol=6 | dir=in | app=d:\spiele\d3e\b-dead2\deadspace2.exe | "TCP Query User{1D0D9C34-1E31-4E31-A8E3-611D433F4A89}C:\microvoltsdownloader\mvdownloader.exe" = protocol=6 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe | "TCP Query User{224FC3EB-146D-47AA-94D8-D16D15D2014B}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{2E94C670-8BF8-41D8-AFA0-77E4632F65FD}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "TCP Query User{36DEE5DD-1294-429C-A8AF-4394824C31C3}D:\1\spiele\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\1\spiele\borderlands\binaries\borderlands.exe | "TCP Query User{39794D68-BE59-4277-AB5A-81CC38401CB0}H:\alice.exe" = protocol=6 | dir=in | app=h:\alice.exe | "TCP Query User{3EC44F44-5CA2-4C04-AE96-7B935BD9E240}D:\lol.launcher.exe" = protocol=6 | dir=in | app=d:\lol.launcher.exe | "TCP Query User{3FB6DEF0-1DF0-4B46-AC6A-220A64F73A74}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{46226058-1645-4523-BCC8-F55175672CD5}D:\aiw-client\iw4mpold.exe" = protocol=6 | dir=in | app=d:\aiw-client\iw4mpold.exe | "TCP Query User{666F118D-106F-4350-AECE-07FD275088A5}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | "TCP Query User{7A543912-4E9C-4307-9FB0-4F5736315957}C:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe | "TCP Query User{844C3F7F-3BC9-43F8-86A0-7556E6C2F6EC}C:\users\timo\desktop\deadspace.exe" = protocol=6 | dir=in | app=c:\users\timo\desktop\deadspace.exe | "TCP Query User{A1C28200-3104-46AF-BF49-99B7DDFD7964}D:\lol\lol.launcher.exe" = protocol=6 | dir=in | app=d:\lol\lol.launcher.exe | "TCP Query User{AD85BE19-A06A-46B1-8155-18AED0D7E6B1}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "TCP Query User{B20CB7AA-7548-45DA-9CF4-1D851E61BC1E}D:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=6 | dir=in | app=d:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | "TCP Query User{B76458D6-0195-4FAC-BB0A-09A84E71B002}F:\crack\deadspace.exe" = protocol=6 | dir=in | app=f:\crack\deadspace.exe | "TCP Query User{BABCEA7F-09C6-4A04-AB11-579C5B4D853B}D:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=6 | dir=in | app=d:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | "TCP Query User{BB64D108-78AF-4F48-A37C-84C36F45F536}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "TCP Query User{BEBC485C-EE41-4ED1-B5DD-FE73D3E57C40}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{CB1BF9D8-1EBF-454F-B766-7C8A1D315D71}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{E5AD9F0A-B09E-4EEF-A62C-0B98AA84BADD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{E7C5EBE4-8CB7-46A5-B095-FF78C2A60849}D:\spiele\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\spiele\borderlands\binaries\borderlands.exe | "TCP Query User{F4EAA273-7629-4BE2-B43D-8D25E1E2EEDF}D:\aiw-client\iw4mp.exe" = protocol=6 | dir=in | app=d:\aiw-client\iw4mp.exe | "TCP Query User{FDC45A61-25A4-44B5-970E-964BB1516D7C}C:\users\timo\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\timo\appdata\local\akamai\netsession_win.exe | "UDP Query User{06AED980-5E26-446A-877B-FA2B7BD06E59}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{12150096-EBD5-485A-8488-75A9E9358422}D:\lol\lol.launcher.exe" = protocol=17 | dir=in | app=d:\lol\lol.launcher.exe | "UDP Query User{2DF4F790-BEBF-4DF0-AC19-F2DF1A33E83C}D:\aiw-client\iw4mp.exe" = protocol=17 | dir=in | app=d:\aiw-client\iw4mp.exe | "UDP Query User{2E95D81F-09A6-4E77-AA88-4A0C93CC28C3}C:\microvoltsdownloader\mvdownloader.exe" = protocol=17 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe | "UDP Query User{37A7BD79-D873-43DF-BEC8-46698323B188}D:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=17 | dir=in | app=d:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | "UDP Query User{3EE04D07-7ADA-4D9E-A37D-429365B8065C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{41A360E7-4D1D-4477-B208-C723D925FD2B}D:\spiele\d3e\b-dead2\deadspace2.exe" = protocol=17 | dir=in | app=d:\spiele\d3e\b-dead2\deadspace2.exe | "UDP Query User{49110932-5619-43A1-961C-E9D614C0E402}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | "UDP Query User{5ADA6E11-F3E9-4EC7-AF02-BB9BF71B808B}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{6007D1D0-7BBC-4D43-8DE1-3E4F20A326DE}C:\users\timo\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\timo\appdata\local\akamai\netsession_win.exe | "UDP Query User{7712E02E-09D8-4042-B14C-FCE8E2B7C814}D:\lol.launcher.exe" = protocol=17 | dir=in | app=d:\lol.launcher.exe | "UDP Query User{77ECBC81-046A-4983-A156-0B7EFE956B32}C:\users\timo\desktop\deadspace.exe" = protocol=17 | dir=in | app=c:\users\timo\desktop\deadspace.exe | "UDP Query User{7F8705AB-9A9D-4B80-AA98-258BCA379693}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "UDP Query User{87216C76-9199-4AC9-95E1-7DBCA5CCE36D}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "UDP Query User{940E10F9-8101-4B29-9242-3CFE7448F2D6}D:\spiele\lol\lol.launcher.exe" = protocol=17 | dir=in | app=d:\spiele\lol\lol.launcher.exe | "UDP Query User{9B0DE7C9-E0F7-499C-9ADF-9CAAE5A57AC0}F:\crack\deadspace.exe" = protocol=17 | dir=in | app=f:\crack\deadspace.exe | "UDP Query User{9EE2D42F-0CE9-43F0-BFAC-17F648B9D818}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe | "UDP Query User{A7E2AA05-E895-431F-9A01-D6507CB01847}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{B07F51A0-EA97-4BB2-B36F-3FD7EFE57A20}C:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe | "UDP Query User{B8AAEA36-EA0C-4A9E-A465-41AED212B89B}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "UDP Query User{C4A79896-0316-410E-A61B-C9874D81B929}H:\alice.exe" = protocol=17 | dir=in | app=h:\alice.exe | "UDP Query User{CCF99016-E259-4DE4-923A-E5DD39FFEA71}D:\1\spiele\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\1\spiele\borderlands\binaries\borderlands.exe | "UDP Query User{CF9D88B0-AD56-4873-9C1E-5AACE5574E99}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D5914569-8A5D-4606-8F6D-423862F5036F}D:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=17 | dir=in | app=d:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | "UDP Query User{D90750AA-0334-41C8-803E-8DFE7AA4D97D}D:\aiw-client\iw4mpold.exe" = protocol=17 | dir=in | app=d:\aiw-client\iw4mpold.exe | "UDP Query User{D931C4D5-9C2D-46DF-910C-6E9A1035B903}D:\spiele\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\spiele\borderlands\binaries\borderlands.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6F29F195-B11C-3EAD-B883-997BB29DFA17}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "ESL Wire_is1" = ESL Wire 1.14.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08C065AD-FF57-4422-AB5F-4B6B000B7696}" = S4 League_EU "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2649AD59-23CF-4862-93F1-3AAE27F646A7}" = S4 League_EU "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{577F714E-6F8C-4257-B936-58D0CF85F314}" = Green Line 4 Sprachtrainer "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1" = Drakonia Configurator "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = Canyon USB2.0 PC Camera(0050.2009.1224.3006) "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant "{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "BitTorrent" = BitTorrent "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar "BrickForce" = BrickForce 1.9.87 "CloneDVD2" = CloneDVD2 "Combat Arms EU" = Combat Arms EU "conduitEngine" = Conduit Engine "delta" = Delta toolbar "Diablo III" = Diablo III "DivX Setup.divx.com" = DivX-Setup "dlancockpit" = devolo dLAN Cockpit "dlanconf" = devolo dLAN-Konfigurationsassistent "dlanwlancfg" = devolo dLAN Wireless extender Konfiguration "dslmon" = devolo Informer "DUMeter3_is1" = DU Meter "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "Fraps" = Fraps (remove only) "FreeArc" = FreeArc 0.666 "FreeFileViewer_is1" = Free File Viewer 2011 "Game Jackal Command Center v4_is1" = Game Jackal Command Center v4.1.1.2 "Google Chrome" = Google Chrome "Gorky17" = Gorky17 "iLivid" = iLivid "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Notepad++" = Notepad++ "Origin" = Origin "PriceGong" = PriceGong 2.1.0 "PunkBusterSvc" = PunkBuster Services "Registry Mechanic_is1" = Registry Mechanic 10.0 "Resident Evil 4_is1" = Resident Evil 4 1.10 "Rockstar Games Social Club" = Rockstar Games Social Club "Searchqu 406 MediaBar" = Windows iLivid Toolbar "ShoppingReport2" = ShopperReports "ShotOnline" = ShotOnline "Steam App 10090" = Call of Duty: World at War "Steam App 105450" = Age of Empires® III: Complete Collection "Steam App 113200" = The Binding Of Isaac "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 218" = Source SDK Base 2007 "Steam App 40800" = Super Meat Boy "Steam App 41000" = Serious Sam HD: The First Encounter "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42910" = Magicka "Steam App 48000" = LIMBO "Steam App 550" = Left 4 Dead 2 "Steam App 570" = Dota 2 "Steam App 57400" = Batman: Arkham City™ "Steam App 620" = Portal 2 "Steam App 65300" = Dustforce "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 7940" = Call of Duty 4: Modern Warfare "Sudden Strike II" = Sudden Strike II "Surf Canyon" = Surf Canyon Search Engine Assistant "Trusted Software Assistant_is1" = File Type Assistant "Uniblue RegistryBooster" = Uniblue RegistryBooster "Uplay" = Uplay "VirtualCloneDrive" = VirtualCloneDrive "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinRAR archiver" = WinRAR "WolfTeam-DE" = WolfTeam-DE "Worms Reloaded Full-Rip" = Worms Reloaded Full-Rip 1.0 "Worms Reloaded_is1" = Worms Reloaded "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "Akamai" = Akamai NetSession Interface "FoxTab PDF Creator" = FoxTab PDF Creator "Game Organizer" = EasyBits GO "NetAssistant" = Freeze.com NetAssistant "soe-PlanetSide 2" = PlanetSide 2 "soe-PlanetSide 2 PSG" = PlanetSide 2 "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.02.2013 11:28:13 | Computer Name = Timo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.02.2013 13:30:30 | Computer Name = Timo-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511b3a1d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f435c61 ID des fehlerhaften Prozesses: 0x114c Startzeit der fehlerhaften Anwendung: 0x01ce0a068f446c9c Pfad der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0f7424e1-7603-11e2-bc3e-bcaec51fc960 Error - 13.02.2013 15:09:42 | Computer Name = Timo-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511b3a1d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f435c61 ID des fehlerhaften Prozesses: 0x1bec Startzeit der fehlerhaften Anwendung: 0x01ce0a19b0e8f5d7 Pfad der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: eb83e588-7610-11e2-bc3e-bcaec51fc960 Error - 14.02.2013 07:52:56 | Computer Name = Timo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.02.2013 08:38:44 | Computer Name = Timo-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511bfeca Name des fehlerhaften Moduls: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511bfeca Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a2caaa ID des fehlerhaften Prozesses: 0x1c54 Startzeit der fehlerhaften Anwendung: 0x01ce0aacf09186c9 Pfad der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe Pfad des fehlerhaften Moduls: H:\planetside2\PlanetSide2.exe Berichtskennung: 778425aa-76a3-11e2-9891-bcaec51fc960 Error - 14.02.2013 14:14:44 | Computer Name = Timo-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511bfeca Name des fehlerhaften Moduls: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511bfeca Ausnahmecode: 0xc0000005 Fehleroffset: 0x007ed9f0 ID des fehlerhaften Prozesses: 0x1960 Startzeit der fehlerhaften Anwendung: 0x01ce0ad098bce369 Pfad der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe Pfad des fehlerhaften Moduls: H:\planetside2\PlanetSide2.exe Berichtskennung: 683bebcb-76d2-11e2-9891-bcaec51fc960 Error - 15.02.2013 06:42:23 | Computer Name = Timo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.02.2013 10:56:50 | Computer Name = Timo-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511bfeca Name des fehlerhaften Moduls: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x511bfeca Ausnahmecode: 0xc0000005 Fehleroffset: 0x007ed9f0 ID des fehlerhaften Prozesses: 0x1074 Startzeit der fehlerhaften Anwendung: 0x01ce0b7c5a527fb4 Pfad der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe Pfad des fehlerhaften Moduls: H:\planetside2\PlanetSide2.exe Berichtskennung: ed0b0919-777f-11e2-98ec-bcaec51fc960 Error - 16.02.2013 08:40:18 | Computer Name = Timo-PC | Source = Application Hang | ID = 1002 Description = Programm PlanetSide2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c20 Startzeit: 01ce0c3ee6343a9e Endzeit: 444 Anwendungspfad: H:\planetside2\PlanetSide2.exe Berichts-ID: Error - 16.02.2013 11:34:59 | Computer Name = Timo-PC | Source = Application Hang | ID = 1002 Description = Programm PlanetSide2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2d8 Startzeit: 01ce0c4c573b1f4e Endzeit: 4827 Anwendungspfad: H:\planetside2\PlanetSide2.exe Berichts-ID: Error - 17.02.2013 13:19:40 | Computer Name = Timo-PC | Source = Application Hang | ID = 1002 Description = Programm Skype.exe, Version 6.1.0.129 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10f0 Startzeit: 01ce0b6927861f76 Endzeit: 448 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: [ NetLimiter 3 Events ] Error - 20.04.2011 16:48:33 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 22.04.2011 08:22:28 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 26.04.2011 09:01:16 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 27.04.2011 04:26:07 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 27.04.2011 17:52:33 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 28.04.2011 04:52:28 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 28.04.2011 14:20:32 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 29.04.2011 05:15:18 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 30.04.2011 06:41:35 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 30.04.2011 07:38:00 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000 Description = [ System Events ] Error - 13.02.2013 11:43:33 | Computer Name = Timo-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 14.02.2013 07:52:46 | Computer Name = Timo-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?02.?2013 um 22:22:21 unerwartet heruntergefahren. Error - 14.02.2013 07:52:48 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NetLimiter 3 Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.02.2013 07:52:48 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: nltdi Error - 15.02.2013 06:42:04 | Computer Name = Timo-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?02.?2013 um 22:01:48 unerwartet heruntergefahren. Error - 15.02.2013 06:42:06 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NetLimiter 3 Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.02.2013 06:42:06 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: nltdi Error - 15.02.2013 06:47:01 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 15.02.2013 06:47:01 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.02.2013 12:36:27 | Computer Name = Timo-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > |
17.02.2013, 18:46 | #4 |
| Delta Search OTL.txt :OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.02.2013 18:20:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,32% Memory free 8,36 Gb Paging File | 6,18 Gb Available in Paging File | 73,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 14,04 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 245,18 Gb Free Space | 62,77% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 778,81 Gb Free Space | 83,61% Space Free | Partition Type: NTFS Drive I: | 7,26 Gb Total Space | 0,12 Gb Free Space | 1,68% Space Free | Partition Type: FAT32 Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe PRC - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe PRC - [2011.06.01 21:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.21 15:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2010.11.15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe PRC - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.06.09 09:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.12.10 14:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe ========== Modules (No Company Name) ========== MOD - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.12.01 20:16:00 | 000,150,760 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll MOD - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe MOD - [2011.11.22 14:18:58 | 000,061,440 | ---- | M] () -- H:\Drakonia Configurator\HidDevice.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2011.01.21 15:19:38 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2013.02.14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.08 13:54:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.12 19:59:39 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc) SRV - [2012.09.04 12:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.06.07 11:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc) DRV:64bit: - [2012.10.30 16:35:13 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.09.04 12:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC) DRV:64bit: - [2011.07.28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.12 00:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT) DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP) DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.06 12:13:20 | 000,597,504 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.01.24 23:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2008.01.24 23:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2008.01.24 23:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2008.01.24 23:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2012.10.16 14:49:40 | 000,020,528 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS -- (DUMeterDrv) DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{09848B84-7179-4142-8006-A5461C05B662}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=060411_def&babsrc=SP_ss&mntrId=d0c9404b000000000000bcaec51fc960 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKCU\..\SearchScopes\{A525F025-4323-4742-AAE4-85E933F66EAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\..\SearchScopes\{E1D79936-9933-4091-BF99-6C1BEF6C298F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions [2011.04.07 15:51:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.25 09:39:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2011.02.07 11:41:16 | 000,000,000 | ---D | M] [2013.02.16 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.02.27 19:47:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - homepage: Delta Search CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: Delta Search CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Delta Toolbar = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Skype Click to Call = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ CHR - Extension: Yontoo = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (Java Runtime) - {279384DD-3D1B-4086-8679-AA5EC7268BE1} - C:\Users\Timo\AppData\Roaming\JavaRun\IE\JavaRun.dll (Oracle Corporation) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll㴀幯 佃䑎䥕ㅾ䐮䱌 File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe () O4:64bit: - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GamingMouse] H:\Drakonia Configurator\hid.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [Steam] H:\steam2\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7181A0-39E5-445E-AAAD-3647C489EF4A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\progra~2\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell - "" = AutoRun O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.17 18:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2013.02.16 22:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.02.16 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Delta [2013.02.16 22:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2013.02.16 22:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.02.16 22:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.02.16 22:11:13 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Babylon [2013.02.12 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\SCE [2013.02.09 16:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.28 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2013.02.17 17:52:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.17 17:40:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.17 16:55:03 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job [2013.02.16 22:14:06 | 000,000,706 | ---- | M] () -- C:\Users\Timo\Desktop\JDownloader.lnk [2013.02.16 21:40:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.16 19:00:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 11:42:18 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2013.02.15 11:42:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.02.15 11:42:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.15 11:41:45 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys [2013.02.12 11:28:16 | 000,000,628 | ---- | M] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk [2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.07 16:19:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.06 16:30:15 | 001,790,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.06 16:30:15 | 000,767,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.06 16:30:15 | 000,710,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.06 16:30:15 | 000,172,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.06 16:30:15 | 000,141,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.31 16:55:04 | 000,000,200 | ---- | M] () -- C:\Users\Timo\Desktop\Dota 2.url [2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.16 22:14:06 | 000,000,706 | ---- | C] () -- C:\Users\Timo\Desktop\JDownloader.lnk [2013.02.16 22:14:05 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2013.02.16 22:14:05 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.02.16 22:14:04 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk [2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk [2013.02.12 11:21:37 | 000,000,621 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk [2013.02.09 16:13:00 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.31 16:55:04 | 000,000,200 | ---- | C] () -- C:\Users\Timo\Desktop\Dota 2.url [2012.12.26 18:36:46 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl [2012.12.26 18:36:37 | 000,000,534 | ---- | C] () -- C:\Windows\PLTGC.ini.imi [2012.12.26 18:36:36 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg [2012.12.23 18:05:00 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe [2012.12.23 18:05:00 | 000,018,454 | ---- | C] () -- C:\Windows\unins000.dat [2012.10.20 19:44:25 | 000,007,602 | ---- | C] () -- C:\Users\Timo\AppData\Local\Resmon.ResmonCfg [2012.05.27 15:10:27 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.02.24 14:04:42 | 000,017,408 | ---- | C] () -- C:\Users\Timo\AppData\Local\WebpageIcons.db [2011.11.24 22:29:50 | 000,594,843 | ---- | C] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe [2011.10.31 11:29:14 | 000,000,669 | ---- | C] () -- C:\Users\Timo\Timo - Verknüpfung.lnk [2011.10.06 19:13:36 | 000,443,392 | ---- | C] () -- C:\Windows\SysWow64\wlsppc.dll [2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini [2011.09.17 11:03:16 | 000,024,561 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\UserTile.png [2011.06.08 12:33:57 | 000,002,157 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini [2011.04.20 09:06:51 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.22 21:09:52 | 001,767,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.13 16:22:23 | 000,005,120 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.06 00:25:51 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.06 00:25:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.05 23:53:25 | 000,000,135 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.03.04 20:08:31 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.03.04 20:08:31 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.03.04 20:08:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.03.04 20:08:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat [2011.03.04 20:08:16 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.03.04 20:08:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.03.04 20:08:13 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.03.04 20:07:14 | 000,000,094 | ---- | C] () -- C:\Windows\Brownie.ini [2011.02.07 14:38:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3772474302-332197646-2498302637-1000\$87ef2bcc14ca716fa86ad1420e654d74\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.30 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\.minecraft [2011.06.18 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Atari [2013.02.16 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Babylon [2011.06.28 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock [2011.10.12 15:43:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock2 [2013.02.16 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\BitTorrent [2011.02.05 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited [2013.02.16 22:12:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Delta [2013.02.16 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EurekaLog [2011.04.10 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\facemoods.com [2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FinalTorrent [2012.03.01 14:24:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeArc [2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeFileViewer [2011.07.23 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\go [2011.02.23 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\HBLite [2011.05.31 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Hive Cluster [2011.02.07 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\JavaRun [2011.06.18 10:47:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leadertech [2011.04.09 12:55:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient [2012.05.25 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient2 [2012.12.23 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MingGuan [2011.05.02 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Notepad++ [2011.02.11 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org [2011.02.08 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Phase6 [2011.04.10 22:52:36 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PriceGong [2011.03.09 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Teeworlds [2012.05.25 14:46:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client [2011.03.28 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft [2011.02.07 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue [2011.05.20 12:55:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\XRay Engine ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.07 10:49:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.05.13 12:53:04 | 000,000,000 | ---D | M] -- C:\AeriaGames [2011.03.23 14:11:50 | 000,000,000 | ---D | M] -- C:\BDS [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.13 13:30:48 | 000,000,000 | ---D | M] -- C:\Download [2011.02.07 11:49:41 | 000,000,000 | ---D | M] -- C:\extensions [2012.03.09 23:08:41 | 000,000,000 | ---D | M] -- C:\Fraps [2011.06.06 13:27:17 | 000,000,000 | ---D | M] -- C:\inetpub [2011.07.05 22:11:55 | 000,000,000 | ---D | M] -- C:\MicrovoltsDownloader [2011.04.19 18:34:24 | 000,000,000 | ---D | M] -- C:\Nexon [2011.02.05 13:31:36 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.26 18:36:46 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.16 22:12:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.16 22:11:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Programme [2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.17 18:23:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.07 10:49:03 | 000,000,000 | R--D | M] -- C:\Users [2012.12.26 18:36:46 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.07 11:41:42 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\RegistryBooster.job [2011.02.07 14:37:53 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.02.07 14:37:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.02.25 16:55:48 | 000,000,400 | ---- | C] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job [2011.07.25 12:39:33 | 000,000,264 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job [2012.04.21 11:21:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\Sens.dll < %USERPROFILE%\*.* > [2013.02.17 18:23:56 | 004,194,304 | -HS- | M] () -- C:\Users\Timo\ntuser.dat [2013.02.17 18:23:56 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG1 [2011.12.16 13:57:30 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG2 [2011.02.05 13:20:40 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.11.29 20:10:42 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TM.blf [2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms [2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms [2012.01.09 22:45:20 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TM.blf [2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms [2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms [2011.02.04 18:26:44 | 000,000,020 | -HS- | M] () -- C:\Users\Timo\ntuser.ini [2011.10.31 11:29:14 | 000,000,669 | ---- | M] () -- C:\Users\Timo\Timo - Verknüpfung.lnk [2011.11.24 22:29:50 | 000,594,843 | ---- | M] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > ich habe alle Pogramme geschlossen (wenn unten rechts die Symbole nicht dazu zählen) und musste es in zwei Teile teilen, weil das zu viele Zeichen waren. |
17.02.2013, 18:46 | #5 |
| Delta Search OTL.txt : OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.02.2013 18:20:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,32% Memory free 8,36 Gb Paging File | 6,18 Gb Available in Paging File | 73,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 14,04 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 245,18 Gb Free Space | 62,77% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 778,81 Gb Free Space | 83,61% Space Free | Partition Type: NTFS Drive I: | 7,26 Gb Total Space | 0,12 Gb Free Space | 1,68% Space Free | Partition Type: FAT32 Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe PRC - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe PRC - [2011.06.01 21:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.21 15:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2010.11.15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe PRC - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.06.09 09:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.12.10 14:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe ========== Modules (No Company Name) ========== MOD - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.12.01 20:16:00 | 000,150,760 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll MOD - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe MOD - [2011.11.22 14:18:58 | 000,061,440 | ---- | M] () -- H:\Drakonia Configurator\HidDevice.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2011.01.21 15:19:38 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2013.02.14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.08 13:54:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.12 19:59:39 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc) SRV - [2012.09.04 12:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.06.07 11:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc) DRV:64bit: - [2012.10.30 16:35:13 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.09.04 12:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC) DRV:64bit: - [2011.07.28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.12 00:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT) DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP) DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.06 12:13:20 | 000,597,504 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.01.24 23:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2008.01.24 23:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2008.01.24 23:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2008.01.24 23:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2012.10.16 14:49:40 | 000,020,528 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS -- (DUMeterDrv) DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{09848B84-7179-4142-8006-A5461C05B662}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=060411_def&babsrc=SP_ss&mntrId=d0c9404b000000000000bcaec51fc960 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKCU\..\SearchScopes\{A525F025-4323-4742-AAE4-85E933F66EAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\..\SearchScopes\{E1D79936-9933-4091-BF99-6C1BEF6C298F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions [2011.04.07 15:51:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.25 09:39:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2011.02.07 11:41:16 | 000,000,000 | ---D | M] [2013.02.16 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.02.27 19:47:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - homepage: Delta Search CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: Delta Search CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Delta Toolbar = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Skype Click to Call = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ CHR - Extension: Yontoo = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (Java Runtime) - {279384DD-3D1B-4086-8679-AA5EC7268BE1} - C:\Users\Timo\AppData\Roaming\JavaRun\IE\JavaRun.dll (Oracle Corporation) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll㴀幯 佃䑎䥕ㅾ䐮䱌 File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe () O4:64bit: - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GamingMouse] H:\Drakonia Configurator\hid.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [Steam] H:\steam2\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7181A0-39E5-445E-AAAD-3647C489EF4A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\progra~2\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell - "" = AutoRun O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.17 18:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2013.02.16 22:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.02.16 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Delta [2013.02.16 22:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2013.02.16 22:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.02.16 22:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.02.16 22:11:13 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Babylon [2013.02.12 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\SCE [2013.02.09 16:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.28 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2013.02.17 17:52:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.17 17:40:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.17 16:55:03 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job [2013.02.16 22:14:06 | 000,000,706 | ---- | M] () -- C:\Users\Timo\Desktop\JDownloader.lnk [2013.02.16 21:40:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.16 19:00:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 11:42:18 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2013.02.15 11:42:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.02.15 11:42:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.15 11:41:45 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys [2013.02.12 11:28:16 | 000,000,628 | ---- | M] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk [2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.07 16:19:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.06 16:30:15 | 001,790,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.06 16:30:15 | 000,767,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.06 16:30:15 | 000,710,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.06 16:30:15 | 000,172,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.06 16:30:15 | 000,141,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.31 16:55:04 | 000,000,200 | ---- | M] () -- C:\Users\Timo\Desktop\Dota 2.url [2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.16 22:14:06 | 000,000,706 | ---- | C] () -- C:\Users\Timo\Desktop\JDownloader.lnk [2013.02.16 22:14:05 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2013.02.16 22:14:05 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.02.16 22:14:04 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk [2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk [2013.02.12 11:21:37 | 000,000,621 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk [2013.02.09 16:13:00 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.31 16:55:04 | 000,000,200 | ---- | C] () -- C:\Users\Timo\Desktop\Dota 2.url [2012.12.26 18:36:46 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl [2012.12.26 18:36:37 | 000,000,534 | ---- | C] () -- C:\Windows\PLTGC.ini.imi [2012.12.26 18:36:36 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg [2012.12.23 18:05:00 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe [2012.12.23 18:05:00 | 000,018,454 | ---- | C] () -- C:\Windows\unins000.dat [2012.10.20 19:44:25 | 000,007,602 | ---- | C] () -- C:\Users\Timo\AppData\Local\Resmon.ResmonCfg [2012.05.27 15:10:27 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.02.24 14:04:42 | 000,017,408 | ---- | C] () -- C:\Users\Timo\AppData\Local\WebpageIcons.db [2011.11.24 22:29:50 | 000,594,843 | ---- | C] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe [2011.10.31 11:29:14 | 000,000,669 | ---- | C] () -- C:\Users\Timo\Timo - Verknüpfung.lnk [2011.10.06 19:13:36 | 000,443,392 | ---- | C] () -- C:\Windows\SysWow64\wlsppc.dll [2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini [2011.09.17 11:03:16 | 000,024,561 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\UserTile.png [2011.06.08 12:33:57 | 000,002,157 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini [2011.04.20 09:06:51 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.22 21:09:52 | 001,767,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.13 16:22:23 | 000,005,120 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.06 00:25:51 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.06 00:25:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.05 23:53:25 | 000,000,135 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.03.04 20:08:31 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.03.04 20:08:31 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.03.04 20:08:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.03.04 20:08:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat [2011.03.04 20:08:16 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.03.04 20:08:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.03.04 20:08:13 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.03.04 20:07:14 | 000,000,094 | ---- | C] () -- C:\Windows\Brownie.ini [2011.02.07 14:38:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3772474302-332197646-2498302637-1000\$87ef2bcc14ca716fa86ad1420e654d74\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.30 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\.minecraft [2011.06.18 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Atari [2013.02.16 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Babylon [2011.06.28 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock [2011.10.12 15:43:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock2 [2013.02.16 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\BitTorrent [2011.02.05 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited [2013.02.16 22:12:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Delta [2013.02.16 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EurekaLog [2011.04.10 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\facemoods.com [2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FinalTorrent [2012.03.01 14:24:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeArc [2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeFileViewer [2011.07.23 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\go [2011.02.23 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\HBLite [2011.05.31 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Hive Cluster [2011.02.07 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\JavaRun [2011.06.18 10:47:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leadertech [2011.04.09 12:55:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient [2012.05.25 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient2 [2012.12.23 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MingGuan [2011.05.02 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Notepad++ [2011.02.11 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org [2011.02.08 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Phase6 [2011.04.10 22:52:36 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PriceGong [2011.03.09 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Teeworlds [2012.05.25 14:46:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client [2011.03.28 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft [2011.02.07 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue [2011.05.20 12:55:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\XRay Engine ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.07 10:49:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.05.13 12:53:04 | 000,000,000 | ---D | M] -- C:\AeriaGames [2011.03.23 14:11:50 | 000,000,000 | ---D | M] -- C:\BDS [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.13 13:30:48 | 000,000,000 | ---D | M] -- C:\Download [2011.02.07 11:49:41 | 000,000,000 | ---D | M] -- C:\extensions [2012.03.09 23:08:41 | 000,000,000 | ---D | M] -- C:\Fraps [2011.06.06 13:27:17 | 000,000,000 | ---D | M] -- C:\inetpub [2011.07.05 22:11:55 | 000,000,000 | ---D | M] -- C:\MicrovoltsDownloader [2011.04.19 18:34:24 | 000,000,000 | ---D | M] -- C:\Nexon [2011.02.05 13:31:36 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.26 18:36:46 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.16 22:12:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.16 22:11:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Programme [2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.17 18:23:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.07 10:49:03 | 000,000,000 | R--D | M] -- C:\Users [2012.12.26 18:36:46 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.07 11:41:42 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\RegistryBooster.job [2011.02.07 14:37:53 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.02.07 14:37:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.02.25 16:55:48 | 000,000,400 | ---- | C] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job [2011.07.25 12:39:33 | 000,000,264 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job [2012.04.21 11:21:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\Sens.dll < %USERPROFILE%\*.* > [2013.02.17 18:23:56 | 004,194,304 | -HS- | M] () -- C:\Users\Timo\ntuser.dat [2013.02.17 18:23:56 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG1 [2011.12.16 13:57:30 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG2 [2011.02.05 13:20:40 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.11.29 20:10:42 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TM.blf [2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms [2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms [2012.01.09 22:45:20 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TM.blf [2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms [2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms [2011.02.04 18:26:44 | 000,000,020 | -HS- | M] () -- C:\Users\Timo\ntuser.ini [2011.10.31 11:29:14 | 000,000,669 | ---- | M] () -- C:\Users\Timo\Timo - Verknüpfung.lnk [2011.11.24 22:29:50 | 000,594,843 | ---- | M] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > ich habe alle Pogramme geschlossen (wenn unten rechts die Symbole nicht dazu zählen) und musste es in zwei Teile teilen, weil das zu viele Zeichen waren. |
17.02.2013, 18:50 | #6 |
/// Malware-holic | Delta Search Hi Kaspersky Homepage aufsuchen bitte, upgraden auf 2013 otl fix Fixen mit OTL
Code:
ATTFilter :OTL O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll㴀幯 佃䑎䥕ㅾ䐮䱌 File not found O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell - "" = AutoRun O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell\AutoRun\command - "" = F:\Autorun.exe :files :Commands [emptytemp]
__________________ --> Delta Search |
17.02.2013, 19:29 | #7 |
| Delta Search Die Datei war nicht auf dem Desktop, aber dafür waren dort 2 mal Desktop.ini und einmal Thumbs.db. Außerdem noch eine Anwendung mit dem Namen "Sicherer Zahlungsverkehr" (was ziehmlich gruselig ist). Hier aber trotzdem was in der Datei stand: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ deleted successfully. File C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found. File C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NetLimiter deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ not found. File E:\.\Bin\ASSETUP.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ not found. File F:\Autorun.exe not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 40485646 bytes ->Temporary Internet Files folder emptied: 1103547981 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 255039127 bytes ->Flash cache emptied: 67387 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: DefaultAppPool ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: nge ->Temp folder emptied: 221710 bytes ->Temporary Internet Files folder emptied: 32685000 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 255586412 bytes ->Flash cache emptied: 104828 bytes User: Public User: Timo ->Temp folder emptied: 4990453411 bytes ->Temporary Internet Files folder emptied: 751363616 bytes ->Java cache emptied: 43276 bytes ->Google Chrome cache emptied: 243732727 bytes ->Flash cache emptied: 448587 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 557056 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2299059278 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes RecycleBin emptied: 30251654040 bytes Total Files Cleaned = 38.362,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02172013_191659 |
17.02.2013, 19:33 | #8 |
/// Malware-holic | Delta Search Hi sicherer ZahlungsVerkehr gehört zu Kaspersky :-) Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.02.2013, 19:41 | #9 |
| Delta Search Ok und wie bekomme ich die nervigen files jetzt vom Desktop? Also die Desktop.ini etc. Hier der log: 19:37:40.0584 5284 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:37:40.0783 5284 ============================================================ 19:37:40.0783 5284 Current date / time: 2013/02/17 19:37:40.0783 19:37:40.0783 5284 SystemInfo: 19:37:40.0783 5284 19:37:40.0784 5284 OS Version: 6.1.7601 ServicePack: 1.0 19:37:40.0784 5284 Product type: Workstation 19:37:40.0784 5284 ComputerName: TIMO-PC 19:37:40.0784 5284 UserName: Timo 19:37:40.0784 5284 Windows directory: C:\Windows 19:37:40.0784 5284 System windows directory: C:\Windows 19:37:40.0784 5284 Running under WOW64 19:37:40.0784 5284 Processor architecture: Intel x64 19:37:40.0784 5284 Number of processors: 4 19:37:40.0784 5284 Page size: 0x1000 19:37:40.0784 5284 Boot type: Normal boot 19:37:40.0784 5284 ============================================================ 19:37:42.0270 5284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:37:42.0286 5284 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C00000 (7.28 Gb), SectorSize: 0x200, Cylinders: 0x3B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:37:42.0288 5284 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:37:42.0314 5284 ============================================================ 19:37:42.0314 5284 \Device\Harddisk0\DR0: 19:37:42.0314 5284 MBR partitions: 19:37:42.0314 5284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:37:42.0314 5284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800 19:37:42.0315 5284 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x30D40000 19:37:42.0315 5284 \Device\Harddisk1\DR1: 19:37:42.0316 5284 MBR partitions: 19:37:42.0316 5284 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0xE8DFE0 19:37:42.0316 5284 \Device\Harddisk2\DR2: 19:37:42.0317 5284 MBR partitions: 19:37:42.0317 5284 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 19:37:42.0317 5284 ============================================================ 19:37:42.0354 5284 C: <-> \Device\Harddisk0\DR0\Partition2 19:37:42.0386 5284 D: <-> \Device\Harddisk0\DR0\Partition3 19:37:42.0403 5284 H: <-> \Device\Harddisk2\DR2\Partition1 19:37:42.0403 5284 ============================================================ 19:37:42.0403 5284 Initialize success 19:37:42.0403 5284 ============================================================ 19:38:05.0007 6752 ============================================================ 19:38:05.0007 6752 Scan started 19:38:05.0007 6752 Mode: Manual; 19:38:05.0007 6752 ============================================================ 19:38:07.0865 6752 ================ Scan system memory ======================== 19:38:07.0865 6752 System memory - ok 19:38:07.0865 6752 ================ Scan services ============================= 19:38:08.0019 6752 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:38:08.0030 6752 1394ohci - ok 19:38:08.0101 6752 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:38:08.0104 6752 ACPI - ok 19:38:08.0114 6752 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:38:08.0120 6752 AcpiPmi - ok 19:38:08.0201 6752 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:38:08.0226 6752 AdobeARMservice - ok 19:38:08.0324 6752 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:38:08.0426 6752 AdobeFlashPlayerUpdateSvc - ok 19:38:08.0462 6752 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:38:08.0476 6752 adp94xx - ok 19:38:08.0490 6752 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:38:08.0510 6752 adpahci - ok 19:38:08.0515 6752 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:38:08.0528 6752 adpu320 - ok 19:38:08.0551 6752 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:38:08.0552 6752 AeLookupSvc - ok 19:38:08.0584 6752 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:38:08.0599 6752 AFD - ok 19:38:08.0604 6752 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:38:08.0620 6752 agp440 - ok 19:38:08.0934 6752 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll 19:38:08.0934 6752 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66 19:38:08.0941 6752 Akamai ( HiddenFile.Multi.Generic ) - warning 19:38:08.0941 6752 Akamai - detected HiddenFile.Multi.Generic (1) 19:38:08.0958 6752 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:38:08.0959 6752 ALG - ok 19:38:08.0968 6752 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:38:08.0976 6752 aliide - ok 19:38:08.0994 6752 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:38:09.0018 6752 amdide - ok 19:38:09.0042 6752 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:38:09.0050 6752 AmdK8 - ok 19:38:09.0069 6752 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:38:09.0070 6752 AmdPPM - ok 19:38:09.0091 6752 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 19:38:09.0092 6752 amdsata - ok 19:38:09.0113 6752 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:38:09.0132 6752 amdsbs - ok 19:38:09.0148 6752 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 19:38:09.0161 6752 amdxata - ok 19:38:09.0210 6752 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 19:38:09.0218 6752 AppHostSvc - ok 19:38:09.0263 6752 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:38:09.0278 6752 AppID - ok 19:38:09.0294 6752 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:38:09.0295 6752 AppIDSvc - ok 19:38:09.0320 6752 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:38:09.0328 6752 Appinfo - ok 19:38:09.0395 6752 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:38:09.0404 6752 Apple Mobile Device - ok 19:38:09.0417 6752 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 19:38:09.0427 6752 arc - ok 19:38:09.0431 6752 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:38:09.0439 6752 arcsas - ok 19:38:09.0475 6752 [ F6BDA026E4157DC4E321CA391E9D9BC6 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 19:38:09.0476 6752 AsIO - ok 19:38:09.0537 6752 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:38:09.0557 6752 aspnet_state - ok 19:38:09.0585 6752 [ 8C1FD73CC27EDD8D3344C632571C224C ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe 19:38:09.0586 6752 AsSysCtrlService - ok 19:38:09.0608 6752 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:38:09.0609 6752 AsyncMac - ok 19:38:09.0630 6752 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:38:09.0631 6752 atapi - ok 19:38:09.0649 6752 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 19:38:09.0649 6752 AtiPcie - ok 19:38:09.0682 6752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:38:09.0697 6752 AudioEndpointBuilder - ok 19:38:09.0706 6752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:38:09.0709 6752 AudioSrv - ok 19:38:09.0851 6752 AVP - ok 19:38:09.0901 6752 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:38:09.0940 6752 AxInstSV - ok 19:38:09.0962 6752 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 19:38:09.0974 6752 b06bdrv - ok 19:38:09.0999 6752 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:38:10.0010 6752 b57nd60a - ok 19:38:10.0057 6752 [ 7ED4E1D2E124AD4E6A287CF49DBC9BBA ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe 19:38:10.0060 6752 BCUService - ok 19:38:10.0084 6752 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:38:10.0086 6752 BDESVC - ok 19:38:10.0094 6752 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:38:10.0095 6752 Beep - ok 19:38:10.0139 6752 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:38:10.0169 6752 BFE - ok 19:38:10.0192 6752 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:38:10.0209 6752 BITS - ok 19:38:10.0231 6752 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:38:10.0232 6752 blbdrive - ok 19:38:10.0393 6752 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:38:10.0417 6752 Bonjour Service - ok 19:38:10.0449 6752 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:38:10.0459 6752 bowser - ok 19:38:10.0463 6752 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:38:10.0469 6752 BrFiltLo - ok 19:38:10.0482 6752 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:38:10.0487 6752 BrFiltUp - ok 19:38:10.0546 6752 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:38:10.0562 6752 Browser - ok 19:38:10.0579 6752 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:38:10.0590 6752 Brserid - ok 19:38:10.0609 6752 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:38:10.0616 6752 BrSerWdm - ok 19:38:10.0635 6752 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:38:10.0641 6752 BrUsbMdm - ok 19:38:10.0659 6752 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:38:10.0665 6752 BrUsbSer - ok 19:38:10.0737 6752 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:38:10.0746 6752 BTHMODEM - ok 19:38:10.0775 6752 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:38:10.0776 6752 bthserv - ok 19:38:10.0789 6752 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:38:10.0798 6752 cdfs - ok 19:38:10.0830 6752 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:38:10.0831 6752 cdrom - ok 19:38:10.0853 6752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:38:10.0861 6752 CertPropSvc - ok 19:38:10.0874 6752 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:38:10.0881 6752 circlass - ok 19:38:10.0910 6752 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:38:10.0913 6752 CLFS - ok 19:38:10.0957 6752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:38:10.0983 6752 clr_optimization_v2.0.50727_32 - ok 19:38:11.0007 6752 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:38:11.0017 6752 clr_optimization_v2.0.50727_64 - ok 19:38:11.0074 6752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:38:11.0096 6752 clr_optimization_v4.0.30319_32 - ok 19:38:11.0110 6752 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:38:11.0130 6752 clr_optimization_v4.0.30319_64 - ok 19:38:11.0146 6752 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:38:11.0153 6752 CmBatt - ok 19:38:11.0173 6752 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:38:11.0180 6752 cmdide - ok 19:38:11.0212 6752 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 19:38:11.0228 6752 CNG - ok 19:38:11.0236 6752 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:38:11.0244 6752 Compbatt - ok 19:38:11.0266 6752 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:38:11.0267 6752 CompositeBus - ok 19:38:11.0270 6752 COMSysApp - ok 19:38:11.0279 6752 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:38:11.0288 6752 crcdisk - ok 19:38:11.0349 6752 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:38:11.0372 6752 CryptSvc - ok 19:38:11.0394 6752 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 19:38:11.0395 6752 dc3d - ok 19:38:11.0459 6752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:38:11.0463 6752 DcomLaunch - ok 19:38:11.0499 6752 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:38:11.0502 6752 defragsvc - ok 19:38:11.0606 6752 [ D2600494C45B98ADFDAE290205AD7CD3 ] DevoloNetworkService C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe 19:38:11.0626 6752 DevoloNetworkService - ok 19:38:11.0648 6752 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:38:11.0657 6752 DfsC - ok 19:38:11.0674 6752 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:38:11.0686 6752 Dhcp - ok 19:38:11.0707 6752 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:38:11.0712 6752 discache - ok 19:38:11.0738 6752 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:38:11.0748 6752 Disk - ok 19:38:11.0770 6752 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:38:11.0772 6752 Dnscache - ok 19:38:11.0799 6752 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:38:11.0809 6752 dot3svc - ok 19:38:11.0836 6752 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:38:11.0852 6752 DPS - ok 19:38:12.0053 6752 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:38:12.0068 6752 drmkaud - ok 19:38:12.0135 6752 [ DCB557B63F8CDB1DA3F19F69F99CC219 ] DUMeterDrv C:\Program Files (x86)\DU Meter\DUMETR64.SYS 19:38:12.0150 6752 DUMeterDrv - ok 19:38:12.0234 6752 DUMeterSvc - ok 19:38:12.0261 6752 dump_wmimmc - ok 19:38:12.0345 6752 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:38:12.0393 6752 DXGKrnl - ok 19:38:12.0408 6752 EagleX64 - ok 19:38:12.0431 6752 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:38:12.0433 6752 EapHost - ok 19:38:12.0500 6752 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:38:12.0535 6752 ebdrv - ok 19:38:12.0558 6752 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:38:12.0566 6752 EFS - ok 19:38:12.0600 6752 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:38:12.0621 6752 ehRecvr - ok 19:38:12.0643 6752 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:38:12.0645 6752 ehSched - ok 19:38:12.0687 6752 [ A14D6E3EF78F6D6AC42F98D633F2400A ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 19:38:12.0688 6752 ElbyCDIO - ok 19:38:12.0709 6752 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:38:12.0724 6752 elxstor - ok 19:38:12.0749 6752 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:38:12.0755 6752 ErrDev - ok 19:38:12.0807 6752 [ ABC24F129C616E5DEE5CE58683606C84 ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys 19:38:12.0815 6752 ESLWireAC - ok 19:38:12.0929 6752 [ 4FC6545A22D348E1B6DA15A27748B7FE ] EslWireHelper C:\Program Files\EslWire\service\WireHelperSvc.exe 19:38:13.0014 6752 EslWireHelper - ok 19:38:13.0047 6752 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:38:13.0051 6752 EventSystem - ok 19:38:13.0065 6752 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:38:13.0076 6752 exfat - ok 19:38:13.0089 6752 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:38:13.0092 6752 fastfat - ok 19:38:13.0137 6752 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:38:13.0169 6752 Fax - ok 19:38:13.0185 6752 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:38:13.0195 6752 fdc - ok 19:38:13.0229 6752 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:38:13.0230 6752 fdPHost - ok 19:38:13.0234 6752 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:38:13.0236 6752 FDResPub - ok 19:38:13.0247 6752 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:38:13.0248 6752 FileInfo - ok 19:38:13.0275 6752 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:38:13.0283 6752 Filetrace - ok 19:38:13.0294 6752 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:38:13.0301 6752 flpydisk - ok 19:38:13.0316 6752 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:38:13.0329 6752 FltMgr - ok 19:38:13.0369 6752 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:38:13.0387 6752 FontCache - ok 19:38:13.0431 6752 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:38:13.0454 6752 FontCache3.0.0.0 - ok 19:38:13.0529 6752 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:38:13.0540 6752 FsDepends - ok 19:38:13.0570 6752 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:38:13.0592 6752 Fs_Rec - ok 19:38:13.0658 6752 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:38:13.0669 6752 fvevol - ok 19:38:13.0681 6752 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:38:13.0690 6752 gagp30kx - ok 19:38:13.0736 6752 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:38:13.0744 6752 GEARAspiWDM - ok 19:38:13.0789 6752 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:38:13.0807 6752 gpsvc - ok 19:38:13.0852 6752 [ 03BF24E2497F9CE09D7863295526C93C ] GUCI_AVS C:\Windows\system32\DRIVERS\GUCI_AVS.sys 19:38:13.0870 6752 GUCI_AVS - ok 19:38:13.0938 6752 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:38:13.0941 6752 gupdate - ok 19:38:13.0979 6752 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:38:13.0981 6752 gupdatem - ok 19:38:14.0011 6752 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:38:14.0012 6752 gusvc - ok 19:38:14.0033 6752 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 19:38:14.0040 6752 hamachi - ok 19:38:14.0043 6752 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:38:14.0050 6752 hcw85cir - ok 19:38:14.0090 6752 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:38:14.0103 6752 HdAudAddService - ok 19:38:14.0134 6752 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:38:14.0136 6752 HDAudBus - ok 19:38:14.0147 6752 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:38:14.0155 6752 HidBatt - ok 19:38:14.0180 6752 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:38:14.0199 6752 HidBth - ok 19:38:14.0218 6752 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:38:14.0227 6752 HidIr - ok 19:38:14.0253 6752 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 19:38:14.0254 6752 hidserv - ok 19:38:14.0293 6752 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:38:14.0307 6752 HidUsb - ok 19:38:14.0331 6752 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:38:14.0355 6752 hkmsvc - ok 19:38:14.0379 6752 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:38:14.0396 6752 HomeGroupListener - ok 19:38:14.0422 6752 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:38:14.0435 6752 HomeGroupProvider - ok 19:38:14.0452 6752 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:38:14.0463 6752 HpSAMD - ok 19:38:14.0552 6752 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:38:14.0576 6752 HTTP - ok 19:38:14.0581 6752 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:38:14.0591 6752 hwpolicy - ok 19:38:14.0618 6752 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:38:14.0626 6752 i8042prt - ok 19:38:14.0664 6752 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:38:14.0677 6752 iaStorV - ok 19:38:14.0721 6752 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 19:38:14.0738 6752 IDriverT - ok 19:38:14.0797 6752 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:38:14.0825 6752 idsvc - ok 19:38:14.0829 6752 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:38:14.0836 6752 iirsp - ok 19:38:14.0913 6752 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:38:14.0932 6752 IKEEXT - ok 19:38:14.0943 6752 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:38:14.0951 6752 intelide - ok 19:38:14.0960 6752 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:38:14.0968 6752 intelppm - ok 19:38:14.0987 6752 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:38:14.0989 6752 IPBusEnum - ok 19:38:14.0998 6752 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:38:15.0007 6752 IpFilterDriver - ok 19:38:15.0023 6752 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:38:15.0035 6752 iphlpsvc - ok 19:38:15.0059 6752 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:38:15.0068 6752 IPMIDRV - ok 19:38:15.0083 6752 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:38:15.0093 6752 IPNAT - ok 19:38:15.0149 6752 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:38:15.0169 6752 iPod Service - ok 19:38:15.0182 6752 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:38:15.0192 6752 IRENUM - ok 19:38:15.0222 6752 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:38:15.0229 6752 isapnp - ok 19:38:15.0246 6752 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:38:15.0258 6752 iScsiPrt - ok 19:38:15.0282 6752 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:38:15.0283 6752 kbdclass - ok 19:38:15.0303 6752 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:38:15.0304 6752 kbdhid - ok 19:38:15.0311 6752 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:38:15.0312 6752 KeyIso - ok 19:38:15.0446 6752 [ 8B5219318DF5895ABD230C373F2DF18A ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 19:38:15.0469 6752 KL1 - ok 19:38:15.0507 6752 [ 8191BB24F61EBCAF84719993C7F7B5C6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 19:38:15.0515 6752 KLIF - ok 19:38:15.0534 6752 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 19:38:15.0541 6752 KLIM6 - ok 19:38:15.0578 6752 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 19:38:15.0585 6752 klkbdflt - ok 19:38:15.0609 6752 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 19:38:15.0616 6752 klmouflt - ok 19:38:15.0632 6752 [ FFC0501A1EA742406F1904A0CFE3BFE2 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 19:38:15.0649 6752 kltdi - ok 19:38:15.0688 6752 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 19:38:15.0698 6752 kneps - ok 19:38:15.0727 6752 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:38:15.0737 6752 KSecDD - ok 19:38:15.0761 6752 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:38:15.0771 6752 KSecPkg - ok 19:38:15.0789 6752 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:38:15.0790 6752 ksthunk - ok 19:38:15.0816 6752 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:38:15.0831 6752 KtmRm - ok 19:38:15.0854 6752 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:38:15.0866 6752 LanmanServer - ok 19:38:15.0893 6752 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:38:15.0902 6752 LanmanWorkstation - ok 19:38:15.0932 6752 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:38:15.0933 6752 lltdio - ok 19:38:15.0948 6752 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:38:15.0960 6752 lltdsvc - ok 19:38:15.0977 6752 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:38:15.0979 6752 lmhosts - ok 19:38:16.0004 6752 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:38:16.0013 6752 LSI_FC - ok 19:38:16.0036 6752 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:38:16.0045 6752 LSI_SAS - ok 19:38:16.0069 6752 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:38:16.0079 6752 LSI_SAS2 - ok 19:38:16.0093 6752 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:38:16.0102 6752 LSI_SCSI - ok 19:38:16.0115 6752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:38:16.0116 6752 luafv - ok 19:38:16.0176 6752 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 19:38:16.0197 6752 McComponentHostService - ok 19:38:16.0213 6752 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:38:16.0221 6752 Mcx2Svc - ok 19:38:16.0232 6752 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:38:16.0240 6752 megasas - ok 19:38:16.0259 6752 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:38:16.0272 6752 MegaSR - ok 19:38:16.0294 6752 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:38:16.0296 6752 MMCSS - ok 19:38:16.0306 6752 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:38:16.0314 6752 Modem - ok 19:38:16.0332 6752 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:38:16.0333 6752 monitor - ok 19:38:16.0342 6752 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:38:16.0343 6752 mouclass - ok 19:38:16.0351 6752 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:38:16.0352 6752 mouhid - ok 19:38:16.0374 6752 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:38:16.0397 6752 mountmgr - ok 19:38:16.0419 6752 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:38:16.0429 6752 mpio - ok 19:38:16.0438 6752 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:38:16.0439 6752 mpsdrv - ok 19:38:16.0474 6752 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:38:16.0491 6752 MpsSvc - ok 19:38:16.0508 6752 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:38:16.0518 6752 MRxDAV - ok 19:38:16.0549 6752 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:38:16.0559 6752 mrxsmb - ok 19:38:16.0586 6752 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:38:16.0589 6752 mrxsmb10 - ok 19:38:16.0617 6752 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:38:16.0627 6752 mrxsmb20 - ok 19:38:16.0650 6752 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:38:16.0651 6752 msahci - ok 19:38:16.0665 6752 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:38:16.0675 6752 msdsm - ok 19:38:16.0688 6752 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:38:16.0691 6752 MSDTC - ok 19:38:16.0703 6752 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:38:16.0704 6752 Msfs - ok 19:38:16.0721 6752 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:38:16.0722 6752 mshidkmdf - ok 19:38:16.0733 6752 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:38:16.0734 6752 msisadrv - ok 19:38:16.0750 6752 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:38:16.0761 6752 MSiSCSI - ok 19:38:16.0765 6752 msiserver - ok 19:38:16.0785 6752 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:38:16.0792 6752 MSKSSRV - ok 19:38:16.0798 6752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:38:16.0805 6752 MSPCLOCK - ok 19:38:16.0816 6752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:38:16.0823 6752 MSPQM - ok 19:38:16.0849 6752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:38:16.0862 6752 MsRPC - ok 19:38:16.0877 6752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:38:16.0878 6752 mssmbios - ok 19:38:16.0882 6752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:38:16.0889 6752 MSTEE - ok 19:38:16.0893 6752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:38:16.0899 6752 MTConfig - ok 19:38:16.0932 6752 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 19:38:16.0933 6752 MTsensor - ok 19:38:16.0956 6752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:38:16.0960 6752 Mup - ok 19:38:16.0996 6752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:38:17.0033 6752 napagent - ok 19:38:17.0060 6752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:38:17.0064 6752 NativeWifiP - ok 19:38:17.0098 6752 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 19:38:17.0126 6752 NDIS - ok 19:38:17.0138 6752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:38:17.0139 6752 NdisCap - ok 19:38:17.0157 6752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:38:17.0158 6752 NdisTapi - ok 19:38:17.0173 6752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:38:17.0182 6752 Ndisuio - ok 19:38:17.0205 6752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:38:17.0215 6752 NdisWan - ok 19:38:17.0233 6752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:38:17.0241 6752 NDProxy - ok 19:38:17.0272 6752 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 19:38:17.0279 6752 Netaapl - ok 19:38:17.0310 6752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:38:17.0311 6752 NetBIOS - ok 19:38:17.0328 6752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:38:17.0344 6752 NetBT - ok 19:38:17.0360 6752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:38:17.0361 6752 Netlogon - ok 19:38:17.0441 6752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:38:17.0445 6752 Netman - ok 19:38:17.0487 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:38:17.0506 6752 NetMsmqActivator - ok 19:38:17.0509 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:38:17.0510 6752 NetPipeActivator - ok 19:38:17.0539 6752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:38:17.0544 6752 netprofm - ok 19:38:17.0559 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:38:17.0560 6752 NetTcpActivator - ok 19:38:17.0563 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:38:17.0564 6752 NetTcpPortSharing - ok 19:38:17.0575 6752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:38:17.0582 6752 nfrd960 - ok 19:38:17.0612 6752 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:38:17.0624 6752 NlaSvc - ok 19:38:17.0646 6752 [ A56A9B58DDDAA4357C856427690FE61B ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys 19:38:17.0647 6752 NLNdisMP - ok 19:38:17.0649 6752 [ A56A9B58DDDAA4357C856427690FE61B ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys 19:38:17.0650 6752 NLNdisPT - ok 19:38:17.0666 6752 nlsvc - ok 19:38:17.0669 6752 nltdi - ok 19:38:17.0689 6752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:38:17.0690 6752 Npfs - ok 19:38:17.0771 6752 [ 49697C2C761ACB5C0DE99CC8FE93E95B ] NPF_devolo C:\Windows\sysWOW64\drivers\npf_devolo.sys 19:38:17.0772 6752 NPF_devolo - ok 19:38:17.0785 6752 npggsvc - ok 19:38:17.0791 6752 NPPTNT2 - ok 19:38:17.0812 6752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:38:17.0814 6752 nsi - ok 19:38:17.0824 6752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:38:17.0825 6752 nsiproxy - ok 19:38:17.0870 6752 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:38:17.0894 6752 Ntfs - ok 19:38:17.0906 6752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:38:17.0906 6752 Null - ok 19:38:17.0936 6752 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 19:38:17.0938 6752 nusb3hub - ok 19:38:17.0948 6752 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 19:38:17.0951 6752 nusb3xhc - ok 19:38:18.0023 6752 [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 19:38:18.0038 6752 NVHDA - ok 19:38:18.0675 6752 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:38:18.0801 6752 nvlddmkm - ok 19:38:18.0831 6752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:38:18.0842 6752 nvraid - ok 19:38:18.0869 6752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:38:18.0879 6752 nvstor - ok 19:38:18.0920 6752 [ DFDA089BB2CD0FF7E789E2EF6BA1E4BA ] NVSvc C:\Windows\system32\nvvsvc.exe 19:38:18.0936 6752 NVSvc - ok 19:38:19.0018 6752 [ E7818CD4FB51284C948D68A7A85A69B8 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 19:38:19.0082 6752 nvUpdatusService - ok 19:38:19.0105 6752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:38:19.0122 6752 nv_agp - ok 19:38:19.0134 6752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:38:19.0144 6752 ohci1394 - ok 19:38:19.0211 6752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:38:19.0223 6752 p2pimsvc - ok 19:38:19.0250 6752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:38:19.0255 6752 p2psvc - ok 19:38:19.0275 6752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:38:19.0284 6752 Parport - ok 19:38:19.0305 6752 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:38:19.0316 6752 partmgr - ok 19:38:19.0329 6752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:38:19.0332 6752 PcaSvc - ok 19:38:19.0341 6752 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:38:19.0343 6752 pci - ok 19:38:19.0353 6752 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:38:19.0354 6752 pciide - ok 19:38:19.0360 6752 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:38:19.0373 6752 pcmcia - ok 19:38:19.0459 6752 [ A0E7D752514A7D99341D5F2A834224A9 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe 19:38:19.0467 6752 PCToolsSSDMonitorSvc - ok 19:38:19.0491 6752 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:38:19.0499 6752 pcw - ok 19:38:19.0517 6752 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:38:19.0524 6752 PEAUTH - ok 19:38:19.0550 6752 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:38:19.0552 6752 PerfHost - ok 19:38:19.0743 6752 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:38:19.0767 6752 pla - ok 19:38:19.0811 6752 [ AB168D5CF1CD69F9FA6F09C828FEA660 ] PlantronicsGC C:\Windows\system32\drivers\PLTGC.sys 19:38:19.0840 6752 PlantronicsGC - ok 19:38:19.0877 6752 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:38:19.0891 6752 PlugPlay - ok 19:38:19.0912 6752 PnkBstrA - ok 19:38:19.0922 6752 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:38:19.0924 6752 PNRPAutoReg - ok 19:38:19.0940 6752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:38:19.0943 6752 PNRPsvc - ok 19:38:19.0959 6752 [ B23F79E41E30ED500586151A9EF27D8F ] Point64 C:\Windows\system32\DRIVERS\point64.sys 19:38:19.0960 6752 Point64 - ok 19:38:19.0976 6752 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:38:19.0989 6752 PolicyAgent - ok 19:38:20.0038 6752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:38:20.0047 6752 Power - ok 19:38:20.0101 6752 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:38:20.0115 6752 PptpMiniport - ok 19:38:20.0123 6752 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:38:20.0130 6752 Processor - ok 19:38:20.0159 6752 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:38:20.0171 6752 ProfSvc - ok 19:38:20.0174 6752 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:38:20.0176 6752 ProtectedStorage - ok 19:38:20.0215 6752 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:38:20.0225 6752 Psched - ok 19:38:20.0405 6752 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:38:20.0432 6752 ql2300 - ok 19:38:20.0446 6752 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:38:20.0459 6752 ql40xx - ok 19:38:20.0485 6752 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:38:20.0489 6752 QWAVE - ok 19:38:20.0497 6752 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:38:20.0499 6752 QWAVEdrv - ok 19:38:20.0510 6752 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:38:20.0519 6752 RasAcd - ok 19:38:20.0560 6752 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:38:20.0572 6752 RasAgileVpn - ok 19:38:20.0584 6752 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:38:20.0586 6752 RasAuto - ok 19:38:20.0608 6752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:38:20.0619 6752 Rasl2tp - ok 19:38:20.0667 6752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:38:20.0681 6752 RasMan - ok 19:38:20.0696 6752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:38:20.0707 6752 RasPppoe - ok 19:38:20.0726 6752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:38:20.0727 6752 RasSstp - ok 19:38:20.0754 6752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:38:20.0766 6752 rdbss - ok 19:38:20.0774 6752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:38:20.0782 6752 rdpbus - ok 19:38:20.0791 6752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:38:20.0791 6752 RDPCDD - ok 19:38:20.0805 6752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:38:20.0805 6752 RDPENCDD - ok 19:38:20.0816 6752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:38:20.0816 6752 RDPREFMP - ok 19:38:20.0847 6752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:38:20.0870 6752 RDPWD - ok 19:38:20.0904 6752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:38:20.0916 6752 rdyboost - ok 19:38:20.0936 6752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:38:20.0938 6752 RemoteAccess - ok 19:38:20.0949 6752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:38:20.0952 6752 RemoteRegistry - ok 19:38:21.0006 6752 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys 19:38:21.0026 6752 Revoflt - ok 19:38:21.0039 6752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:38:21.0042 6752 RpcEptMapper - ok 19:38:21.0049 6752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:38:21.0050 6752 RpcLocator - ok 19:38:21.0080 6752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:38:21.0083 6752 RpcSs - ok 19:38:21.0106 6752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:38:21.0107 6752 rspndr - ok 19:38:21.0139 6752 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:38:21.0149 6752 RTL8167 - ok 19:38:21.0159 6752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:38:21.0160 6752 SamSs - ok 19:38:21.0188 6752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:38:21.0198 6752 sbp2port - ok 19:38:21.0211 6752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:38:21.0214 6752 SCardSvr - ok 19:38:21.0234 6752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:38:21.0240 6752 scfilter - ok 19:38:21.0352 6752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:38:21.0374 6752 Schedule - ok 19:38:21.0395 6752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:38:21.0396 6752 SCPolicySvc - ok 19:38:21.0423 6752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:38:21.0443 6752 SDRSVC - ok 19:38:21.0467 6752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:38:21.0469 6752 secdrv - ok 19:38:21.0491 6752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:38:21.0498 6752 seclogon - ok 19:38:21.0524 6752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:38:21.0526 6752 SENS - ok 19:38:21.0537 6752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:38:21.0539 6752 SensrSvc - ok 19:38:21.0549 6752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:38:21.0550 6752 Serenum - ok 19:38:21.0559 6752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:38:21.0560 6752 Serial - ok 19:38:21.0592 6752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:38:21.0611 6752 sermouse - ok 19:38:21.0646 6752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:38:21.0660 6752 SessionEnv - ok 19:38:21.0674 6752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:38:21.0695 6752 sffdisk - ok 19:38:21.0713 6752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:38:21.0719 6752 sffp_mmc - ok 19:38:21.0723 6752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:38:21.0736 6752 sffp_sd - ok 19:38:21.0739 6752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:38:21.0747 6752 sfloppy - ok 19:38:21.0793 6752 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:38:21.0797 6752 SharedAccess - ok 19:38:21.0823 6752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:38:21.0838 6752 ShellHWDetection - ok 19:38:21.0856 6752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:38:21.0863 6752 SiSRaid2 - ok 19:38:21.0882 6752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:38:21.0891 6752 SiSRaid4 - ok 19:38:21.0958 6752 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:38:22.0030 6752 SkypeUpdate - ok 19:38:22.0100 6752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:38:22.0121 6752 Smb - ok 19:38:22.0168 6752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:38:22.0169 6752 SNMPTRAP - ok 19:38:22.0190 6752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:38:22.0191 6752 spldr - ok 19:38:22.0224 6752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:38:22.0241 6752 Spooler - ok 19:38:22.0369 6752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:38:22.0415 6752 sppsvc - ok 19:38:22.0427 6752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:38:22.0430 6752 sppuinotify - ok 19:38:22.0459 6752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:38:22.0478 6752 srv - ok 19:38:22.0493 6752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:38:22.0506 6752 srv2 - ok 19:38:22.0521 6752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:38:22.0532 6752 srvnet - ok 19:38:22.0560 6752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:38:22.0563 6752 SSDPSRV - ok 19:38:22.0575 6752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:38:22.0577 6752 SstpSvc - ok 19:38:22.0610 6752 Steam Client Service - ok 19:38:22.0632 6752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:38:22.0638 6752 stexstor - ok 19:38:22.0677 6752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:38:22.0692 6752 stisvc - ok 19:38:22.0708 6752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:38:22.0709 6752 swenum - ok 19:38:22.0722 6752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:38:22.0728 6752 swprv - ok 19:38:22.0772 6752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:38:22.0812 6752 SysMain - ok 19:38:22.0824 6752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:38:22.0833 6752 TabletInputService - ok 19:38:22.0846 6752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:38:22.0859 6752 TapiSrv - ok 19:38:22.0873 6752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:38:22.0875 6752 TBS - ok 19:38:23.0012 6752 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:38:23.0039 6752 Tcpip - ok 19:38:23.0070 6752 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:38:23.0077 6752 TCPIP6 - ok 19:38:23.0104 6752 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:38:23.0113 6752 tcpipreg - ok 19:38:23.0142 6752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:38:23.0150 6752 TDPIPE - ok 19:38:23.0159 6752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:38:23.0167 6752 TDTCP - ok 19:38:23.0200 6752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:38:23.0210 6752 tdx - ok 19:38:23.0224 6752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:38:23.0225 6752 TermDD - ok 19:38:23.0253 6752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:38:23.0270 6752 TermService - ok 19:38:23.0278 6752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:38:23.0280 6752 Themes - ok 19:38:23.0303 6752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:38:23.0305 6752 THREADORDER - ok 19:38:23.0321 6752 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:38:23.0323 6752 TrkWks - ok 19:38:23.0356 6752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:38:23.0367 6752 TrustedInstaller - ok 19:38:23.0382 6752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:38:23.0391 6752 tssecsrv - ok 19:38:23.0407 6752 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:38:23.0415 6752 TsUsbFlt - ok 19:38:23.0475 6752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:38:23.0514 6752 tunnel - ok 19:38:23.0536 6752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:38:23.0546 6752 uagp35 - ok 19:38:23.0687 6752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:38:23.0740 6752 udfs - ok 19:38:23.0799 6752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:38:23.0828 6752 UI0Detect - ok 19:38:23.0842 6752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:38:23.0851 6752 uliagpkx - ok 19:38:23.0884 6752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 19:38:23.0886 6752 umbus - ok 19:38:23.0895 6752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:38:23.0904 6752 UmPass - ok 19:38:23.0932 6752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:38:23.0936 6752 upnphost - ok 19:38:23.0966 6752 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 19:38:23.0975 6752 USBAAPL64 - ok 19:38:24.0009 6752 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:38:24.0019 6752 usbaudio - ok 19:38:24.0041 6752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:38:24.0043 6752 usbccgp - ok 19:38:24.0051 6752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:38:24.0059 6752 usbcir - ok 19:38:24.0083 6752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:38:24.0084 6752 usbehci - ok 19:38:24.0120 6752 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 19:38:24.0129 6752 usbfilter - ok 19:38:24.0178 6752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:38:24.0191 6752 usbhub - ok 19:38:24.0245 6752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:38:24.0256 6752 usbohci - ok 19:38:24.0268 6752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:38:24.0280 6752 usbprint - ok 19:38:24.0313 6752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:38:24.0333 6752 USBSTOR - ok 19:38:24.0359 6752 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:38:24.0382 6752 usbuhci - ok 19:38:24.0416 6752 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:38:24.0434 6752 usbvideo - ok 19:38:24.0468 6752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:38:24.0469 6752 UxSms - ok 19:38:24.0477 6752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:38:24.0477 6752 VaultSvc - ok 19:38:24.0503 6752 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 19:38:24.0504 6752 VClone - ok 19:38:24.0514 6752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:38:24.0531 6752 vdrvroot - ok 19:38:24.0562 6752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:38:24.0574 6752 vds - ok 19:38:24.0588 6752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:38:24.0596 6752 vga - ok 19:38:24.0604 6752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:38:24.0605 6752 VgaSave - ok 19:38:24.0616 6752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:38:24.0619 6752 vhdmp - ok 19:38:24.0665 6752 [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 19:38:24.0677 6752 VIAHdAudAddService - ok 19:38:24.0701 6752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:38:24.0710 6752 viaide - ok 19:38:24.0721 6752 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:38:24.0723 6752 volmgr - ok 19:38:24.0752 6752 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:38:24.0768 6752 volmgrx - ok 19:38:24.0781 6752 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:38:24.0785 6752 volsnap - ok 19:38:24.0810 6752 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:38:24.0820 6752 vsmraid - ok 19:38:24.0867 6752 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:38:24.0886 6752 VSS - ok 19:38:24.0895 6752 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:38:24.0896 6752 vwifibus - ok 19:38:24.0923 6752 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:38:24.0927 6752 W32Time - ok 19:38:24.0996 6752 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 19:38:25.0013 6752 W3SVC - ok 19:38:25.0027 6752 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:38:25.0035 6752 WacomPen - ok 19:38:25.0055 6752 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:38:25.0064 6752 WANARP - ok 19:38:25.0067 6752 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:38:25.0068 6752 Wanarpv6 - ok 19:38:25.0082 6752 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 19:38:25.0084 6752 WAS - ok 19:38:25.0111 6752 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:38:25.0132 6752 wbengine - ok 19:38:25.0144 6752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:38:25.0147 6752 WbioSrvc - ok 19:38:25.0169 6752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:38:25.0185 6752 wcncsvc - ok 19:38:25.0198 6752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:38:25.0200 6752 WcsPlugInService - ok 19:38:25.0204 6752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:38:25.0214 6752 Wd - ok 19:38:25.0290 6752 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:38:25.0297 6752 Wdf01000 - ok 19:38:25.0312 6752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:38:25.0314 6752 WdiServiceHost - ok 19:38:25.0317 6752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:38:25.0319 6752 WdiSystemHost - ok 19:38:25.0333 6752 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:38:25.0345 6752 WebClient - ok 19:38:25.0361 6752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:38:25.0365 6752 Wecsvc - ok 19:38:25.0376 6752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:38:25.0378 6752 wercplsupport - ok 19:38:25.0397 6752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:38:25.0401 6752 WerSvc - ok 19:38:25.0412 6752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:38:25.0433 6752 WfpLwf - ok 19:38:25.0437 6752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:38:25.0445 6752 WIMMount - ok 19:38:25.0465 6752 WinDefend - ok 19:38:25.0470 6752 WinHttpAutoProxySvc - ok 19:38:25.0522 6752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:38:25.0525 6752 Winmgmt - ok 19:38:25.0574 6752 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:38:25.0600 6752 WinRM - ok 19:38:25.0649 6752 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:38:25.0666 6752 WinUsb - ok 19:38:25.0699 6752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:38:25.0708 6752 Wlansvc - ok 19:38:25.0874 6752 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:38:25.0913 6752 wlidsvc - ok 19:38:25.0945 6752 [ 7A58BA979F7ACB3FC5310C771A1CF155 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 19:38:25.0946 6752 WmBEnum - ok 19:38:25.0956 6752 [ 8693A75C3FFD4A0C9E32BE621FDA71FB ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 19:38:25.0957 6752 WmFilter - ok 19:38:25.0977 6752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:38:25.0978 6752 WmiAcpi - ok 19:38:26.0007 6752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:38:26.0009 6752 wmiApSrv - ok 19:38:26.0012 6752 WMPNetworkSvc - ok 19:38:26.0034 6752 [ 3D9266CCD0F1EDB020C7AA24D527942B ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 19:38:26.0035 6752 WmVirHid - ok 19:38:26.0046 6752 [ 3CFFDF56A00408913B1E51C67F999E2E ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 19:38:26.0047 6752 WmXlCore - ok 19:38:26.0059 6752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:38:26.0061 6752 WPCSvc - ok 19:38:26.0082 6752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:38:26.0091 6752 WPDBusEnum - ok 19:38:26.0121 6752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:38:26.0129 6752 ws2ifsl - ok 19:38:26.0145 6752 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:38:26.0147 6752 wscsvc - ok 19:38:26.0150 6752 WSearch - ok 19:38:26.0279 6752 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:38:26.0311 6752 wuauserv - ok 19:38:26.0322 6752 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:38:26.0331 6752 WudfPf - ok 19:38:26.0360 6752 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:38:26.0371 6752 WUDFRd - ok 19:38:26.0414 6752 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:38:26.0424 6752 wudfsvc - ok 19:38:26.0444 6752 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:38:26.0447 6752 WwanSvc - ok 19:38:26.0511 6752 X6va003 - ok 19:38:26.0536 6752 X6va005 - ok 19:38:26.0600 6752 X6va008 - ok 19:38:26.0654 6752 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 19:38:26.0660 6752 YahooAUService - ok 19:38:26.0684 6752 ================ Scan global =============================== 19:38:26.0766 6752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:38:26.0791 6752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 19:38:26.0807 6752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 19:38:26.0827 6752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:38:26.0889 6752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:38:26.0895 6752 [Global] - ok 19:38:26.0896 6752 ================ Scan MBR ================================== 19:38:26.0908 6752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:38:27.0073 6752 \Device\Harddisk0\DR0 - ok 19:38:27.0078 6752 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 19:38:28.0788 6752 \Device\Harddisk1\DR1 - ok 19:38:28.0793 6752 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 19:38:28.0797 6752 \Device\Harddisk2\DR2 - ok 19:38:28.0798 6752 ================ Scan VBR ================================== 19:38:28.0800 6752 [ D76AD1E64AEA1E295C086CB6396D6D1C ] \Device\Harddisk0\DR0\Partition1 19:38:28.0801 6752 \Device\Harddisk0\DR0\Partition1 - ok 19:38:28.0808 6752 [ FD67970C3FDA0D8EA55FBC5D74E814C0 ] \Device\Harddisk0\DR0\Partition2 19:38:28.0809 6752 \Device\Harddisk0\DR0\Partition2 - ok 19:38:28.0824 6752 [ 3B64EAA56F138B9EC831AE9CA27B71AA ] \Device\Harddisk0\DR0\Partition3 19:38:28.0825 6752 \Device\Harddisk0\DR0\Partition3 - ok 19:38:28.0829 6752 [ 663F54E04E809918DC9BCA74384C7000 ] \Device\Harddisk1\DR1\Partition1 19:38:28.0830 6752 \Device\Harddisk1\DR1\Partition1 - ok 19:38:28.0834 6752 [ 48AB988E7E46C3FBBA8BA5DB68049A23 ] \Device\Harddisk2\DR2\Partition1 19:38:28.0836 6752 \Device\Harddisk2\DR2\Partition1 - ok 19:38:28.0836 6752 ============================================================ 19:38:28.0836 6752 Scan finished 19:38:28.0836 6752 ============================================================ 19:38:28.0848 6928 Detected object count: 1 19:38:28.0848 6928 Actual detected object count: 1 19:39:00.0311 6928 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 19:39:00.0311 6928 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip |
17.02.2013, 20:24 | #10 |
/// Malware-holic | Delta Search Hi, die inis einfach löschen. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.02.2013, 21:45 | #11 |
| Delta Search Combofix Logfile: Code:
ATTFilter ComboFix 13-02-15.01 - Timo 17.02.2013 20:34:08.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.1809 [GMT 1:00] ausgeführt von:: c:\users\Timo\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\HBLite c:\program files (x86)\HBLite\bin\11.0.349.0\firefox\extensions\install.rdf c:\program files (x86)\ShoppingReport2 c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 c:\programdata\HBLiteSA c:\programdata\HBLiteSA\HBLiteSA.dat c:\programdata\HBLiteSA\HBLiteSA_hpk.dat c:\programdata\HBLiteSA\HBLiteSA_kyf.dat c:\programdata\HBLiteSA\HBLiteSAAbout.mht c:\programdata\HBLiteSA\HBLiteSAau.dat c:\programdata\HBLiteSA\HBLiteSAEULA.mht c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar c:\users\Timo\AppData\Local\Temp\nswA028.tmp\System.dll c:\users\Timo\AppData\Roaming\facemoods.com c:\users\Timo\AppData\Roaming\HBLite c:\users\Timo\AppData\Roaming\PriceGong c:\users\Timo\AppData\Roaming\PriceGong\Data\1.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\a.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\b.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\c.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\d.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\e.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\f.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\g.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\h.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\i.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\J.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\k.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\l.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\m.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\mru.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\n.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\o.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\p.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\q.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\r.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\s.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\t.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\u.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\v.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\w.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\x.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\y.xml c:\users\Timo\AppData\Roaming\PriceGong\Data\z.xml . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-17 bis 2013-02-17 )))))))))))))))))))))))))))))) . . 2013-02-17 19:49 . 2013-02-17 19:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-02-17 19:49 . 2013-02-17 19:49 -------- d-----w- c:\users\nge\AppData\Local\temp 2013-02-17 19:49 . 2013-02-17 19:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp 2013-02-17 18:16 . 2013-02-17 18:16 -------- d-----w- C:\_OTL 2013-02-17 18:14 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll 2013-02-17 18:13 . 2013-02-17 18:13 -------- d-----w- c:\windows\ELAMBKUP 2013-02-17 18:12 . 2013-02-17 18:12 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2013-02-16 21:12 . 2013-02-16 21:12 -------- d-----w- c:\program files (x86)\Delta 2013-02-16 21:12 . 2013-02-16 21:12 -------- d-----w- c:\users\Timo\AppData\Roaming\Delta 2013-02-16 21:11 . 2013-02-16 21:11 -------- d-----w- c:\program files (x86)\Yontoo 2013-02-16 21:11 . 2013-02-16 21:11 -------- d-----w- c:\programdata\Tarma Installer 2013-02-16 21:11 . 2013-02-16 21:11 -------- d-----w- c:\programdata\Babylon 2013-02-16 21:11 . 2013-02-16 21:11 -------- d-----w- c:\users\Timo\AppData\Roaming\Babylon 2013-02-12 10:22 . 2013-02-12 10:22 -------- d-----w- c:\users\Timo\AppData\Local\SCE 2013-02-07 15:19 . 2013-02-07 15:19 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-28 18:40 . 2013-01-28 18:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-28 18:40 . 2013-01-28 18:40 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-28 18:40 . 2013-01-28 18:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-17 18:48 . 2012-06-08 10:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-02-17 18:48 . 2012-10-25 11:42 613720 ----a-w- c:\windows\system32\drivers\klif.sys 2013-02-08 12:54 . 2012-04-21 10:21 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 12:54 . 2011-07-29 14:52 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-28 18:40 . 2011-02-05 21:25 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-25 13:05 . 2011-07-10 20:13 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-01-25 13:05 . 2011-03-05 23:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-12-23 17:03 . 2012-12-23 17:05 1184699 ----a-w- c:\windows\unins000.exe 2012-12-20 10:51 . 2011-03-05 23:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-12-15 12:03 . 2011-03-05 23:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-11-21 16:45 . 2011-04-20 08:06 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-07-03 14:41 . 2012-05-27 14:10 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] 2010-03-28 19:53 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{279384DD-3D1B-4086-8679-AA5EC7268BE1}] 2011-02-03 11:30 201728 ----a-w- c:\users\Timo\AppData\Roaming\JavaRun\IE\JavaRun.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] 2011-05-31 12:29 88976 ----a-w- c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] 2011-06-01 20:44 1236376 ----a-w- c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}] 2010-11-09 09:21 371320 ----a-w- c:\program files (x86)\Freeze.com\NetAssistant\NetAssistant.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2013-01-10 22:05 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll" [2011-05-31 88976] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-03-26 400760] "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-02-07 438272] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-07 39408] "Akamai NetSession Interface"="c:\users\Timo\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Steam"="h:\steam2\Steam.exe" [2013-02-15 1597864] "ESL Wire"="c:\program files\EslWire\wire.exe" [2012-10-10 4104192] "DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2012-10-16 3822560] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536] "TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "GamingMouse"="h:\drakonia configurator\hid.exe" [2012-06-07 246784] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-17 356376] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoCommonGroups"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll . R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [x] R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\DRIVERS\GUCI_AVS.sys [2009-11-06 597504] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 X6va003;X6va003;c:\users\Timo\AppData\Local\Temp\00358B1.tmp [x] R3 X6va005;X6va005;c:\users\Timo\AppData\Local\Temp\005CDEE.tmp [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-02-17 54104] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616] S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2012-10-16 2051552] S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-09-04 147472] S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-09-04 678416] S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584] S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [2012-10-16 20528] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528] S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-01 15:35 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 12:54] . 2013-02-17 c:\windows\Tasks\Free File Viewer Update Checker.job - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-25 15:50] . 2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 13:37] . 2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 13:37] . 2013-02-17 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584] "PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2009-06-09 319488] "GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=HP_ss&mntrId=d0c9404b000000000000bcaec51fc960 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> mSearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file) AddRemove-BittorrentBar_DE Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE AddRemove-BrickForce - c:\brickforce\uninst.exe AddRemove-Origin - c:\program files (x86)\Origin\OriginUninstall.exe AddRemove-Registry Mechanic_is1 - c:\program files (x86)\Registry Mechanic\unins000.exe AddRemove-Resident Evil 4_is1 - h:\resident evil 4\unins000.exe AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe AddRemove-Sudden Strike II - c:\progra~2\SUDDEN~1\UNINST~1\UNWISE.EXE AddRemove-Worms Reloaded Full-Rip - d:\spiele\Worms Reloaded Full-Rip\uninst.exe AddRemove-Worms Reloaded_is1 - h:\worms reloaded\unins000.exe AddRemove-{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1 - c:\program files\gPotato.eu\FlyFF\unins000.exe AddRemove-{C6A0FD8A-F107-44CA-AA1B-49341936F76A} - c:\program files (x86)\InstallShield Installation Information\{C6A0FD8A-F107-44CA-AA1B-49341936F76A}\setup.exe AddRemove-FoxTab PDF Creator - d:\allesw~1\Uninstall\Uninstall.exe AddRemove-Game Organizer - c:\programdata\Easybits GO\EasyBitsGO.exe AddRemove-soe-PlanetSide 2 - h:\planetside\uninstaller.exe AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files (x86)\EA Games\Battlefield Heroes\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc] "ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3772474302-332197646-2498302637-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:0a,49,84,58,c2,83,01,34,e4,df,2c,13,06,81,51,94,1c,39,43,d1,c0,b0,1e, e1,3b,e9,94,d7,3e,11,58,82,02,73,87,29,8d,63,0a,7e,c6,38,bf,10,5a,68,c4,ed,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . [HKEY_USERS\S-1-5-21-3772474302-332197646-2498302637-1000\Software\SecuROM\License information*] "datasecu"=hex:fe,45,87,97,fe,c2,f0,35,ed,7d,97,53,96,c7,ea,0a,6e,9a,2b,6e,82, e2,01,5d,a5,47,b0,a0,99,b0,00,c9,7c,62,92,72,0c,0b,d0,94,e3,f9,36,49,ba,a4,\ "rkeysecu"=hex:6b,e5,09,95,f7,e9,3c,79,0e,9c,7e,e9,62,f5,b6,bb . [HKEY_USERS\S-1-5-21-3772474302-332197646-2498302637-1000\ð* :*] @Allowed: (Read) (RestrictedCode) DUMPHIVE0.003 (REGF) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files\ASUS\TurboV EVO\TurboVHELP.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-02-17 21:34:30 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-02-17 20:34 . Vor Suchlauf: 16 Verzeichnis(se), 47.161.585.664 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 48.817.262.592 Bytes frei . - - End Of File - - BEF68CE76A63BFF2A6C7481CA887C88B et voilà |
18.02.2013, 15:10 | #12 |
/// Malware-holic | Delta Search Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.02.2013, 23:33 | #13 |
| Delta Search Ein bisschen spät aber hier: Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.02.18.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Timo :: TIMO-PC [Administrator] 18.02.2013 17:16:51 mbam-log-2013-02-18 (17-16-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 630895 Laufzeit: 1 Stunde(n), 56 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Daten: C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
18.02.2013, 23:37 | #14 |
/// Malware-holic | Delta Search Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
19.02.2013, 13:37 | #15 |
| Delta Search also soll ich ihn nicht ausfürhren sondern einfach in die uninstall list gehen? |
Themen zu Delta Search |
ahnung, bestimmte, bestimmten, browser, delts search, einstellung, falsche, folge, folgendes, forum, gefährlich, hallo zusammen, internetseite, link, neu, neue, neuen, problem, schnell, search, seite, seiten, tab, wenig ahnung, windows, zusammen, öffnet |